hilfe mein git ist komisch

etc/openvpn/easy-rsa/openssl-easyrsa.cnf

@@ -0,0 +1,149 @@
+# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::EASYRSA_PKI	# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir/certs_by_serial	# default place for new certs.
+
+certificate	= $dir/ca.crt		# The CA certificate
+serial		= $dir/serial		# The current serial number
+crl		= $dir/crl.pem		# The current CRL
+private_key	= $dir/private/ca.key	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= basic_exts		# The extensions to add to the cert
+
+# A placeholder to handle the --copy-ext feature:
+#%COPY_EXTS%	# Do NOT remove or change this line as --copy-ext support requires it
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions	= crl_ext
+
+default_days	= $ENV::EASYRSA_CERT_EXPIRE	# how long to certify for
+default_crl_days	= $ENV::EASYRSA_CRL_DAYS	# how long before next CRL
+default_md	= $ENV::EASYRSA_DIGEST		# use public key default MD
+
+# Note: preserve=no|yes, does nothing for EasyRSA.
+# Use sign-req command option 'preserve' instead.
+preserve	= no			# keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject	= no
+
+# A few different ways of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+serialNumber	= optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits		= $ENV::EASYRSA_KEY_SIZE
+default_keyfile	= privkey.pem
+default_md		= $ENV::EASYRSA_DIGEST
+distinguished_name	= $ENV::EASYRSA_DN
+x509_extensions		= easyrsa_ca	# The extensions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS%	# Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName		= Common Name (eg: your user, host, or server name)
+commonName_max		= 64
+commonName_default	= $ENV::EASYRSA_REQ_CN
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::EASYRSA_REQ_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::EASYRSA_REQ_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::EASYRSA_REQ_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::EASYRSA_REQ_ORG
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= $ENV::EASYRSA_REQ_OU
+
+commonName			= Common Name (eg: your user, host, or server name)
+commonName_max			= 64
+commonName_default		= $ENV::EASYRSA_REQ_CN
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::EASYRSA_REQ_EMAIL
+emailAddress_max		= 64
+
+serialNumber		= Serial-number (eg, device serial-number)
+serialNumber_default	= $ENV::EASYRSA_REQ_SERIAL
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints	= CA:FALSE
+subjectKeyIdentifier	= hash
+authorityKeyIdentifier	= keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# A placeholder to handle the $X509_TYPES and CA extra extensions $EXTRA_EXTS:
+#%CA_X509_TYPES_EXTRA_EXTS%	# Do NOT remove or change this line as $X509_TYPES and EXTRA_EXTS demands it
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always

etc/openvpn/easy-rsa/pki/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUd4INqGTrRX8tpNjILVfLp/FW9JowDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjUxMDA2MTcyNjM1WhcNMzUx
+MDA0MTcyNjM1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL0DDWBsUoqQdvX8UytBHfSZYUmPL/dvyYQt/STT
+7cZKsl0OqV2EzqhGJYPmPHcKiBoeEoqaBsHnLa/c6PbGWrvztFXHotYOMW0Jigv2
+KKotB2GT9k7mhrOcUMuu6J6SossJtlekebQkIBXj7N31m+Zs/k5kayeaScg8cCYW
+o7SwP2afUZ7vSsxisAgEnKsq0fousPguGdT5Ooh0TAUEKl/PR69pGMaXD1MQl5wv
+dcJV3X2GhcXpJbAGuhBjcZB/LCFjtlQ+9IDvhcN4rhWNa0LsMoL3sPh/dsdt0G2c
+bxc4+OuLQ42eWcAV0RsTMGofTULcRuXcA3XvTRllgCWplbUCAwEAAaOBkDCBjTAM
+BgNVHRMEBTADAQH/MB0GA1UdDgQWBBTdFqHUghgUs4N1F02DZ5P7TfJYtzBRBgNV
+HSMESjBIgBTdFqHUghgUs4N1F02DZ5P7TfJYt6EapBgwFjEUMBIGA1UEAwwLRWFz
+eS1SU0EgQ0GCFHeCDahk60V/LaTYyC1Xy6fxVvSaMAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAP0X9x4SQFXaR7FEYwjAQ+uX1EtWQP+GhA3MKQI7scQL6
+TxMc/103x7Ty3Sb0tbG9iOMb5v9rXqiLFyzxqZAh4yiLnsJDwe/OlozfkVcGhXcl
+L67q56je+D/PptD6UoWBYvLPPdu8DNaa/0aVsyE0hXIrjnNYNz8Kb9YXLmbxp051
+/5GxpMdonyEOIxQv40lITDH0Ynlx0QiPF0bqDYT5nsMGx8gRTStKL+WMQGi0CHGe
+PoyOFdR0JdJcR6vvr8b+32fHeIZrpwTrqUoUJuR0HtFrhhIF7es9bmw3px1mMd1M
+OJ+fp9iYT1JcKtB6WeV+TOTkfsFzdg+EIqG4os+ZzA==
+-----END CERTIFICATE-----

etc/openvpn/easy-rsa/pki/certs_by_serial/1AD495E082C3D1972625515573003DFE.pem

@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            1a:d4:95:e0:82:c3:d1:97:26:25:51:55:73:00:3d:fe
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Oct  6 17:26:35 2025 GMT
+            Not After : Jan  9 17:26:35 2028 GMT
+        Subject: CN=emy-laptop
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e4:5c:37:61:fa:ac:b0:8a:93:3d:b4:9a:3b:5c:
+                    92:85:da:27:6e:06:d5:c8:3e:fd:a5:68:68:94:7f:
+                    74:c8:b0:b2:8d:f8:d5:b8:17:1f:af:b3:18:23:c3:
+                    09:a0:7c:20:f9:67:67:4c:18:e4:ba:a3:16:b9:8d:
+                    7c:cd:ea:86:0e:42:24:00:db:cb:84:c7:7d:b9:5e:
+                    9c:2c:3d:7e:84:2f:cd:31:72:39:c4:be:ea:53:ce:
+                    62:95:fc:c3:12:ee:e8:28:6c:81:82:17:61:59:c7:
+                    cd:81:58:ad:13:f3:08:d0:99:62:65:e1:34:0e:e0:
+                    00:77:96:45:63:f8:b6:c1:7e:4f:2e:f9:fd:00:4c:
+                    d3:c1:51:0f:d5:44:9c:40:22:64:be:3b:7c:b0:4c:
+                    71:52:05:57:a1:02:f5:b0:95:10:03:c9:be:48:2c:
+                    f6:79:d4:46:1f:33:1a:67:c3:de:02:a0:06:50:74:
+                    20:0b:32:62:ab:28:1b:e9:37:5c:22:b7:81:03:0e:
+                    0d:a6:e9:2d:4a:30:e0:3a:48:6e:93:55:15:30:fd:
+                    fe:9e:03:26:45:ff:05:4c:d0:f9:ad:74:7c:c5:7b:
+                    5e:91:71:a3:96:a2:d3:94:81:80:50:7c:4d:d5:01:
+                    ec:0f:72:15:4c:f9:58:79:70:70:9b:aa:a5:2b:4e:
+                    e3:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                34:04:A6:AE:98:9D:F5:BA:A9:32:EA:B3:70:7E:4D:02:BE:61:A2:5A
+            X509v3 Authority Key Identifier: 
+                keyid:DD:16:A1:D4:82:18:14:B3:83:75:17:4D:83:67:93:FB:4D:F2:58:B7
+                DirName:/CN=Easy-RSA CA
+                serial:77:82:0D:A8:64:EB:45:7F:2D:A4:D8:C8:2D:57:CB:A7:F1:56:F4:9A
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        64:e4:69:7d:d8:2e:8d:20:fd:b2:59:5e:f8:13:41:85:a2:d3:
+        01:2e:84:d7:8c:50:d0:42:fd:c7:e6:3b:5c:b7:fc:77:a6:93:
+        92:54:63:ed:6e:90:24:c4:93:e6:d1:fb:ee:65:7e:4b:98:fb:
+        44:41:0f:7d:a3:5c:cd:44:69:8c:f9:69:0e:4c:77:1e:cb:0b:
+        13:08:22:f4:93:51:89:da:0d:a4:60:e8:6c:3c:a9:7a:a6:6d:
+        92:d1:33:5c:30:bc:43:54:67:85:ae:26:4f:17:d4:40:da:d4:
+        32:96:30:ef:8b:30:7c:04:36:b8:a8:e5:a3:46:97:99:77:c3:
+        77:1e:5c:12:f3:f6:db:b3:49:3a:d7:e9:02:3f:67:58:9a:54:
+        6f:1a:c2:59:52:8c:4a:5f:bd:41:02:d7:ef:99:75:06:64:6b:
+        6a:68:94:f5:3e:04:67:a8:3e:1f:c0:8b:97:e4:cf:72:04:a9:
+        dd:53:24:b9:62:10:90:c3:ab:e1:f4:c5:4e:f5:e5:de:27:85:
+        11:54:8e:11:68:f8:1c:d0:d5:0a:af:a0:64:27:76:0b:51:67:
+        09:4a:d7:21:ee:b4:44:87:34:e6:73:00:e0:64:92:52:ab:6f:
+        1e:8d:de:84:e9:fb:d9:a5:b8:52:48:6f:01:6c:ed:7b:de:8d:
+        b7:9d:9a:56
+-----BEGIN CERTIFICATE-----
+MIIDWDCCAkCgAwIBAgIQGtSV4ILD0ZcmJVFVcwA9/jANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNTEwMDYxNzI2MzVaFw0yODAxMDkx
+NzI2MzVaMBUxEzARBgNVBAMMCmVteS1sYXB0b3AwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDkXDdh+qywipM9tJo7XJKF2iduBtXIPv2laGiUf3TIsLKN
++NW4Fx+vsxgjwwmgfCD5Z2dMGOS6oxa5jXzN6oYOQiQA28uEx325XpwsPX6EL80x
+cjnEvupTzmKV/MMS7ugobIGCF2FZx82BWK0T8wjQmWJl4TQO4AB3lkVj+LbBfk8u
++f0ATNPBUQ/VRJxAImS+O3ywTHFSBVehAvWwlRADyb5ILPZ51EYfMxpnw94CoAZQ
+dCALMmKrKBvpN1wit4EDDg2m6S1KMOA6SG6TVRUw/f6eAyZF/wVM0PmtdHzFe16R
+caOWotOUgYBQfE3VAewPchVM+Vh5cHCbqqUrTuOJAgMBAAGjgaIwgZ8wCQYDVR0T
+BAIwADAdBgNVHQ4EFgQUNASmrpid9bqpMuqzcH5NAr5holowUQYDVR0jBEowSIAU
+3Rah1IIYFLODdRdNg2eT+03yWLehGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB
+ghR3gg2oZOtFfy2k2MgtV8un8Vb0mjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV
+HQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGTkaX3YLo0g/bJZXvgTQYWi0wEu
+hNeMUNBC/cfmO1y3/Hemk5JUY+1ukCTEk+bR++5lfkuY+0RBD32jXM1EaYz5aQ5M
+dx7LCxMIIvSTUYnaDaRg6Gw8qXqmbZLRM1wwvENUZ4WuJk8X1EDa1DKWMO+LMHwE
+Nrio5aNGl5l3w3ceXBLz9tuzSTrX6QI/Z1iaVG8awllSjEpfvUEC1++ZdQZka2po
+lPU+BGeoPh/Ai5fkz3IEqd1TJLliEJDDq+H0xU715d4nhRFUjhFo+BzQ1QqvoGQn
+dgtRZwlK1yHutESHNOZzAOBkklKrbx6N3oTp+9mluFJIbwFs7XvejbedmlY=
+-----END CERTIFICATE-----

etc/openvpn/easy-rsa/pki/certs_by_serial/F11C11E27C13A18E3D8BFD00106D3EA9.pem

@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            f1:1c:11:e2:7c:13:a1:8e:3d:8b:fd:00:10:6d:3e:a9
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Oct  6 17:26:35 2025 GMT
+            Not After : Jan  9 17:26:35 2028 GMT
+        Subject: CN=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bb:2e:ae:5e:e6:9d:d0:ec:e1:63:6d:c8:a8:a5:
+                    08:5f:cb:60:b9:8d:14:59:18:22:46:11:cb:ef:fa:
+                    06:a9:40:05:ef:86:7b:a6:96:1e:45:f0:e2:5e:d1:
+                    86:b5:95:e0:a9:1c:bd:c2:82:4e:c0:58:af:29:c3:
+                    69:fd:c3:a1:33:ad:eb:a0:d4:ea:54:73:1c:f3:a1:
+                    9c:4a:01:02:c9:20:84:11:8c:59:0d:9b:c7:78:4a:
+                    fa:31:d7:85:19:28:05:b0:29:18:3d:73:9e:a6:af:
+                    db:4d:1a:9c:d0:a7:9d:0a:88:a3:fe:54:60:f3:97:
+                    f2:e8:c1:ca:49:8b:6a:ce:40:47:b4:0d:16:37:1d:
+                    d2:23:9b:3a:5a:dc:cb:9f:2e:dc:c9:07:6c:e7:bc:
+                    bb:f9:11:73:1b:e2:18:23:be:07:4a:9e:d0:19:b8:
+                    a1:75:15:64:cb:b2:df:0a:a0:24:5e:5d:0f:31:ad:
+                    38:5d:43:4a:25:4d:f0:22:a1:ad:eb:46:df:d9:7f:
+                    bf:d0:63:50:af:a3:a8:27:98:24:bb:ac:e9:b6:e5:
+                    df:a9:08:b9:04:c0:41:83:7c:0b:8d:cb:68:24:51:
+                    d6:8c:15:21:53:f8:f5:b4:b0:3e:1c:ef:33:43:f0:
+                    ff:df:81:2d:fb:b5:00:52:c3:e7:08:d2:41:13:96:
+                    02:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                0F:D3:A1:AB:04:98:97:E8:C0:56:11:18:8D:17:EB:BA:F9:4D:D4:83
+            X509v3 Authority Key Identifier: 
+                keyid:DD:16:A1:D4:82:18:14:B3:83:75:17:4D:83:67:93:FB:4D:F2:58:B7
+                DirName:/CN=Easy-RSA CA
+                serial:77:82:0D:A8:64:EB:45:7F:2D:A4:D8:C8:2D:57:CB:A7:F1:56:F4:9A
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        61:73:c8:ad:42:75:c8:ef:d1:a3:86:06:d2:d3:ca:8c:dd:d7:
+        c4:85:71:b9:bc:04:9e:82:d3:13:b2:d0:ea:d9:40:0b:a0:00:
+        4b:df:c7:95:20:43:d1:0f:a8:c9:4d:aa:0e:84:7f:cd:86:14:
+        b3:fc:1d:04:c8:33:fd:66:77:aa:9b:52:2d:ea:b2:bf:59:38:
+        c9:b1:0e:b2:37:c3:32:3e:11:32:98:50:a3:97:aa:b8:5e:23:
+        b6:83:d7:da:57:97:b5:30:28:ee:2a:49:e4:42:e6:1f:32:4f:
+        b8:3c:14:7b:17:24:38:70:64:a3:21:c8:1e:65:59:d4:66:9c:
+        4c:05:d3:23:1b:97:f6:d4:9c:a9:cf:12:42:77:a5:3d:b4:8a:
+        f5:5e:00:7d:e9:ff:39:23:13:0d:6a:5b:b6:d4:36:eb:d9:b6:
+        6a:2f:f1:42:7c:59:d7:24:54:7f:b1:1b:63:ca:8e:67:28:d1:
+        d8:8c:50:d5:4e:5e:e7:3f:b9:53:5b:3b:1f:a3:8c:86:1e:96:
+        07:dc:5e:e0:31:e5:fb:c2:3e:8b:8d:52:21:3e:1c:eb:ad:24:
+        cd:44:5c:1d:6a:28:cc:d8:eb:0e:68:79:6b:c3:7e:09:b2:7e:
+        32:7d:c9:7b:fa:8f:46:79:5e:e1:ad:c6:cc:18:b2:04:f9:5a:
+        7a:bb:ca:2d
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIRAPEcEeJ8E6GOPYv9ABBtPqkwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjUxMDA2MTcyNjM1WhcNMjgwMTA5
+MTcyNjM1WjARMQ8wDQYDVQQDDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC7Lq5e5p3Q7OFjbciopQhfy2C5jRRZGCJGEcvv+gapQAXvhnum
+lh5F8OJe0Ya1leCpHL3Cgk7AWK8pw2n9w6Ezreug1OpUcxzzoZxKAQLJIIQRjFkN
+m8d4Svox14UZKAWwKRg9c56mr9tNGpzQp50KiKP+VGDzl/LowcpJi2rOQEe0DRY3
+HdIjmzpa3MufLtzJB2znvLv5EXMb4hgjvgdKntAZuKF1FWTLst8KoCReXQ8xrThd
+Q0olTfAioa3rRt/Zf7/QY1Cvo6gnmCS7rOm25d+pCLkEwEGDfAuNy2gkUdaMFSFT
++PW0sD4c7zND8P/fgS37tQBSw+cI0kETlgJLAgMBAAGjgbUwgbIwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUD9OhqwSYl+jAVhEYjRfruvlN1IMwUQYDVR0jBEowSIAU3Rah
+1IIYFLODdRdNg2eT+03yWLehGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR3
+gg2oZOtFfy2k2MgtV8un8Vb0mjATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E
+BAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IBAQBhc8it
+QnXI79GjhgbS08qM3dfEhXG5vASegtMTstDq2UALoABL38eVIEPRD6jJTaoOhH/N
+hhSz/B0EyDP9Zneqm1It6rK/WTjJsQ6yN8MyPhEymFCjl6q4XiO2g9faV5e1MCju
+KknkQuYfMk+4PBR7FyQ4cGSjIcgeZVnUZpxMBdMjG5f21JypzxJCd6U9tIr1XgB9
+6f85IxMNalu21Dbr2bZqL/FCfFnXJFR/sRtjyo5nKNHYjFDVTl7nP7lTWzsfo4yG
+HpYH3F7gMeX7wj6LjVIhPhzrrSTNRFwdaijM2OsOaHlrw34Jsn4yfcl7+o9GeV7h
+rcbMGLIE+Vp6u8ot
+-----END CERTIFICATE-----

etc/openvpn/easy-rsa/pki/index.txt

@@ -0,0 +1,2 @@
+V	280109172635Z		F11C11E27C13A18E3D8BFD00106D3EA9	unknown	/CN=server
+V	280109172635Z		1AD495E082C3D1972625515573003DFE	unknown	/CN=emy-laptop

etc/openvpn/easy-rsa/pki/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = no

etc/openvpn/easy-rsa/pki/index.txt.attr.old

@@ -0,0 +1 @@
+unique_subject = no

etc/openvpn/easy-rsa/pki/index.txt.old

@@ -0,0 +1 @@
+V	280109172635Z		F11C11E27C13A18E3D8BFD00106D3EA9	unknown	/CN=server

etc/openvpn/easy-rsa/pki/inline/emy-laptop.inline

@@ -0,0 +1,144 @@
+# Easy-RSA Type: client
+# Name: emy-laptop
+
+<cert>
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            1a:d4:95:e0:82:c3:d1:97:26:25:51:55:73:00:3d:fe
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Oct  6 17:26:35 2025 GMT
+            Not After : Jan  9 17:26:35 2028 GMT
+        Subject: CN=emy-laptop
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e4:5c:37:61:fa:ac:b0:8a:93:3d:b4:9a:3b:5c:
+                    92:85:da:27:6e:06:d5:c8:3e:fd:a5:68:68:94:7f:
+                    74:c8:b0:b2:8d:f8:d5:b8:17:1f:af:b3:18:23:c3:
+                    09:a0:7c:20:f9:67:67:4c:18:e4:ba:a3:16:b9:8d:
+                    7c:cd:ea:86:0e:42:24:00:db:cb:84:c7:7d:b9:5e:
+                    9c:2c:3d:7e:84:2f:cd:31:72:39:c4:be:ea:53:ce:
+                    62:95:fc:c3:12:ee:e8:28:6c:81:82:17:61:59:c7:
+                    cd:81:58:ad:13:f3:08:d0:99:62:65:e1:34:0e:e0:
+                    00:77:96:45:63:f8:b6:c1:7e:4f:2e:f9:fd:00:4c:
+                    d3:c1:51:0f:d5:44:9c:40:22:64:be:3b:7c:b0:4c:
+                    71:52:05:57:a1:02:f5:b0:95:10:03:c9:be:48:2c:
+                    f6:79:d4:46:1f:33:1a:67:c3:de:02:a0:06:50:74:
+                    20:0b:32:62:ab:28:1b:e9:37:5c:22:b7:81:03:0e:
+                    0d:a6:e9:2d:4a:30:e0:3a:48:6e:93:55:15:30:fd:
+                    fe:9e:03:26:45:ff:05:4c:d0:f9:ad:74:7c:c5:7b:
+                    5e:91:71:a3:96:a2:d3:94:81:80:50:7c:4d:d5:01:
+                    ec:0f:72:15:4c:f9:58:79:70:70:9b:aa:a5:2b:4e:
+                    e3:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                34:04:A6:AE:98:9D:F5:BA:A9:32:EA:B3:70:7E:4D:02:BE:61:A2:5A
+            X509v3 Authority Key Identifier: 
+                keyid:DD:16:A1:D4:82:18:14:B3:83:75:17:4D:83:67:93:FB:4D:F2:58:B7
+                DirName:/CN=Easy-RSA CA
+                serial:77:82:0D:A8:64:EB:45:7F:2D:A4:D8:C8:2D:57:CB:A7:F1:56:F4:9A
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        64:e4:69:7d:d8:2e:8d:20:fd:b2:59:5e:f8:13:41:85:a2:d3:
+        01:2e:84:d7:8c:50:d0:42:fd:c7:e6:3b:5c:b7:fc:77:a6:93:
+        92:54:63:ed:6e:90:24:c4:93:e6:d1:fb:ee:65:7e:4b:98:fb:
+        44:41:0f:7d:a3:5c:cd:44:69:8c:f9:69:0e:4c:77:1e:cb:0b:
+        13:08:22:f4:93:51:89:da:0d:a4:60:e8:6c:3c:a9:7a:a6:6d:
+        92:d1:33:5c:30:bc:43:54:67:85:ae:26:4f:17:d4:40:da:d4:
+        32:96:30:ef:8b:30:7c:04:36:b8:a8:e5:a3:46:97:99:77:c3:
+        77:1e:5c:12:f3:f6:db:b3:49:3a:d7:e9:02:3f:67:58:9a:54:
+        6f:1a:c2:59:52:8c:4a:5f:bd:41:02:d7:ef:99:75:06:64:6b:
+        6a:68:94:f5:3e:04:67:a8:3e:1f:c0:8b:97:e4:cf:72:04:a9:
+        dd:53:24:b9:62:10:90:c3:ab:e1:f4:c5:4e:f5:e5:de:27:85:
+        11:54:8e:11:68:f8:1c:d0:d5:0a:af:a0:64:27:76:0b:51:67:
+        09:4a:d7:21:ee:b4:44:87:34:e6:73:00:e0:64:92:52:ab:6f:
+        1e:8d:de:84:e9:fb:d9:a5:b8:52:48:6f:01:6c:ed:7b:de:8d:
+        b7:9d:9a:56
+-----BEGIN CERTIFICATE-----
+MIIDWDCCAkCgAwIBAgIQGtSV4ILD0ZcmJVFVcwA9/jANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNTEwMDYxNzI2MzVaFw0yODAxMDkx
+NzI2MzVaMBUxEzARBgNVBAMMCmVteS1sYXB0b3AwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDkXDdh+qywipM9tJo7XJKF2iduBtXIPv2laGiUf3TIsLKN
++NW4Fx+vsxgjwwmgfCD5Z2dMGOS6oxa5jXzN6oYOQiQA28uEx325XpwsPX6EL80x
+cjnEvupTzmKV/MMS7ugobIGCF2FZx82BWK0T8wjQmWJl4TQO4AB3lkVj+LbBfk8u
++f0ATNPBUQ/VRJxAImS+O3ywTHFSBVehAvWwlRADyb5ILPZ51EYfMxpnw94CoAZQ
+dCALMmKrKBvpN1wit4EDDg2m6S1KMOA6SG6TVRUw/f6eAyZF/wVM0PmtdHzFe16R
+caOWotOUgYBQfE3VAewPchVM+Vh5cHCbqqUrTuOJAgMBAAGjgaIwgZ8wCQYDVR0T
+BAIwADAdBgNVHQ4EFgQUNASmrpid9bqpMuqzcH5NAr5holowUQYDVR0jBEowSIAU
+3Rah1IIYFLODdRdNg2eT+03yWLehGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB
+ghR3gg2oZOtFfy2k2MgtV8un8Vb0mjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV
+HQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGTkaX3YLo0g/bJZXvgTQYWi0wEu
+hNeMUNBC/cfmO1y3/Hemk5JUY+1ukCTEk+bR++5lfkuY+0RBD32jXM1EaYz5aQ5M
+dx7LCxMIIvSTUYnaDaRg6Gw8qXqmbZLRM1wwvENUZ4WuJk8X1EDa1DKWMO+LMHwE
+Nrio5aNGl5l3w3ceXBLz9tuzSTrX6QI/Z1iaVG8awllSjEpfvUEC1++ZdQZka2po
+lPU+BGeoPh/Ai5fkz3IEqd1TJLliEJDDq+H0xU715d4nhRFUjhFo+BzQ1QqvoGQn
+dgtRZwlK1yHutESHNOZzAOBkklKrbx6N3oTp+9mluFJIbwFs7XvejbedmlY=
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDkXDdh+qywipM9
+tJo7XJKF2iduBtXIPv2laGiUf3TIsLKN+NW4Fx+vsxgjwwmgfCD5Z2dMGOS6oxa5
+jXzN6oYOQiQA28uEx325XpwsPX6EL80xcjnEvupTzmKV/MMS7ugobIGCF2FZx82B
+WK0T8wjQmWJl4TQO4AB3lkVj+LbBfk8u+f0ATNPBUQ/VRJxAImS+O3ywTHFSBVeh
+AvWwlRADyb5ILPZ51EYfMxpnw94CoAZQdCALMmKrKBvpN1wit4EDDg2m6S1KMOA6
+SG6TVRUw/f6eAyZF/wVM0PmtdHzFe16RcaOWotOUgYBQfE3VAewPchVM+Vh5cHCb
+qqUrTuOJAgMBAAECggEAZtN3RLEhbWUYo+JcyHoIqCjxNEPzo3VptT9sR+GUboHS
+BMeVRI11ASJ9riy2ewMpvePnyYY0CC5Dn02scvQ1ZNo3aAOQgrtpSzzkya7u9wqn
+NKqghI0K6q22Cp+EH1RgSUOClVd9yHWFfca2OJNo1rUab5GWZVRMIY0Stc9aS4mA
+lFG7aw5LJ7NP+Jh4E9XFjzr9IyraV+7h+G0qAZLE8qsA4j8vbtlApojAf9cKPFCc
+MYUeqVjqNx+fBb7E3t13+ffCG2Y/DNinxFMpV7kN7t+fYubZovZsZXdFEYatHCP5
+fMKDwBQYUfmK/pQmDip/HhlOJ8t11uQxQ5UPe3GKeQKBgQD9j9IOunGIPcN5xhZW
+36Y/ZqD/e9hjnqc3LKwFwcElPaXphA/zv1m83tesr+uMRNJIJ1FL+tVv8QtcIGrC
+Ha7oYlbK1mAN6HrVa8tvNZ0wEwRTgdyVtwRnCgBm2ONp7IGW2wX9oK89C3vwky4p
+c1Pm9QLKGqIQryFyolIJcJmgLwKBgQDmjlvB9DolWASKfNRJrVRigoFhX8JXWETv
+clEwzGGX1AmrzyFIE4fQMpYdZk3C2hyTuKlgXqZyXvlRr7rvFxMe0WcEMC7zUgd6
+YFMifgVL6rE/PXpgy6JdMwMBaaP6yxYUz1FbyL0WixZq1bllBm5Z+Xu7RLfNS71a
+urWqLXPRxwKBgQCYOazBXNtmELZ3OB4XP6O+Mm37k61geVIoRLBtsFm1cuJVZAxz
+qHBGfH581QyTpImd+cTL2aYj01GfmHKfYVStfMRgd/0ovGZqFJIIjOZ2gyQ4wiDc
+3QhOl+mP1SwKXouaNpnNH5e1DVz2HFY9WliHspZfIUgkvg9Vk++ubSQ9zwKBgGCR
+XAl+/CPMHArNgjVh7ihctUhNzZ68EBOi9DLWSEJJw8s8tJn15DrmFU43HXbx2Gpf
+PEJrIphhA1idnFSse4u69cUhUWkFALDXS7r0wc8sfBUa8Pk+EcGrriSXVOGk0pjg
+xRkGmXypwTf6UO7ppKr2/kZP4BSTFrq73X9sDkjdAoGBAPpMwaZ8MpLia/WBP7+z
+1A3zUKIjUFysmtacYEUEIRvgivfWkQpCpFjrJN0hwrib2Agzl7fGRpD9tu6/iDFo
+y1ZsWNb5x3StniIFHR+zgWU9+Gd3XMBw4uivWi0cppaYBi8ndNlY59OOL1o8rldJ
+RjRKcYht2Pscsbze8xPJVLt8
+-----END PRIVATE KEY-----
+</key>
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUd4INqGTrRX8tpNjILVfLp/FW9JowDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjUxMDA2MTcyNjM1WhcNMzUx
+MDA0MTcyNjM1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL0DDWBsUoqQdvX8UytBHfSZYUmPL/dvyYQt/STT
+7cZKsl0OqV2EzqhGJYPmPHcKiBoeEoqaBsHnLa/c6PbGWrvztFXHotYOMW0Jigv2
+KKotB2GT9k7mhrOcUMuu6J6SossJtlekebQkIBXj7N31m+Zs/k5kayeaScg8cCYW
+o7SwP2afUZ7vSsxisAgEnKsq0fousPguGdT5Ooh0TAUEKl/PR69pGMaXD1MQl5wv
+dcJV3X2GhcXpJbAGuhBjcZB/LCFjtlQ+9IDvhcN4rhWNa0LsMoL3sPh/dsdt0G2c
+bxc4+OuLQ42eWcAV0RsTMGofTULcRuXcA3XvTRllgCWplbUCAwEAAaOBkDCBjTAM
+BgNVHRMEBTADAQH/MB0GA1UdDgQWBBTdFqHUghgUs4N1F02DZ5P7TfJYtzBRBgNV
+HSMESjBIgBTdFqHUghgUs4N1F02DZ5P7TfJYt6EapBgwFjEUMBIGA1UEAwwLRWFz
+eS1SU0EgQ0GCFHeCDahk60V/LaTYyC1Xy6fxVvSaMAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAP0X9x4SQFXaR7FEYwjAQ+uX1EtWQP+GhA3MKQI7scQL6
+TxMc/103x7Ty3Sb0tbG9iOMb5v9rXqiLFyzxqZAh4yiLnsJDwe/OlozfkVcGhXcl
+L67q56je+D/PptD6UoWBYvLPPdu8DNaa/0aVsyE0hXIrjnNYNz8Kb9YXLmbxp051
+/5GxpMdonyEOIxQv40lITDH0Ynlx0QiPF0bqDYT5nsMGx8gRTStKL+WMQGi0CHGe
+PoyOFdR0JdJcR6vvr8b+32fHeIZrpwTrqUoUJuR0HtFrhhIF7es9bmw3px1mMd1M
+OJ+fp9iYT1JcKtB6WeV+TOTkfsFzdg+EIqG4os+ZzA==
+-----END CERTIFICATE-----
+</ca>
+

etc/openvpn/easy-rsa/pki/inline/server.inline

@@ -0,0 +1,147 @@
+# Easy-RSA Type: server
+# Name: server
+
+<cert>
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            f1:1c:11:e2:7c:13:a1:8e:3d:8b:fd:00:10:6d:3e:a9
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Oct  6 17:26:35 2025 GMT
+            Not After : Jan  9 17:26:35 2028 GMT
+        Subject: CN=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bb:2e:ae:5e:e6:9d:d0:ec:e1:63:6d:c8:a8:a5:
+                    08:5f:cb:60:b9:8d:14:59:18:22:46:11:cb:ef:fa:
+                    06:a9:40:05:ef:86:7b:a6:96:1e:45:f0:e2:5e:d1:
+                    86:b5:95:e0:a9:1c:bd:c2:82:4e:c0:58:af:29:c3:
+                    69:fd:c3:a1:33:ad:eb:a0:d4:ea:54:73:1c:f3:a1:
+                    9c:4a:01:02:c9:20:84:11:8c:59:0d:9b:c7:78:4a:
+                    fa:31:d7:85:19:28:05:b0:29:18:3d:73:9e:a6:af:
+                    db:4d:1a:9c:d0:a7:9d:0a:88:a3:fe:54:60:f3:97:
+                    f2:e8:c1:ca:49:8b:6a:ce:40:47:b4:0d:16:37:1d:
+                    d2:23:9b:3a:5a:dc:cb:9f:2e:dc:c9:07:6c:e7:bc:
+                    bb:f9:11:73:1b:e2:18:23:be:07:4a:9e:d0:19:b8:
+                    a1:75:15:64:cb:b2:df:0a:a0:24:5e:5d:0f:31:ad:
+                    38:5d:43:4a:25:4d:f0:22:a1:ad:eb:46:df:d9:7f:
+                    bf:d0:63:50:af:a3:a8:27:98:24:bb:ac:e9:b6:e5:
+                    df:a9:08:b9:04:c0:41:83:7c:0b:8d:cb:68:24:51:
+                    d6:8c:15:21:53:f8:f5:b4:b0:3e:1c:ef:33:43:f0:
+                    ff:df:81:2d:fb:b5:00:52:c3:e7:08:d2:41:13:96:
+                    02:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                0F:D3:A1:AB:04:98:97:E8:C0:56:11:18:8D:17:EB:BA:F9:4D:D4:83
+            X509v3 Authority Key Identifier: 
+                keyid:DD:16:A1:D4:82:18:14:B3:83:75:17:4D:83:67:93:FB:4D:F2:58:B7
+                DirName:/CN=Easy-RSA CA
+                serial:77:82:0D:A8:64:EB:45:7F:2D:A4:D8:C8:2D:57:CB:A7:F1:56:F4:9A
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        61:73:c8:ad:42:75:c8:ef:d1:a3:86:06:d2:d3:ca:8c:dd:d7:
+        c4:85:71:b9:bc:04:9e:82:d3:13:b2:d0:ea:d9:40:0b:a0:00:
+        4b:df:c7:95:20:43:d1:0f:a8:c9:4d:aa:0e:84:7f:cd:86:14:
+        b3:fc:1d:04:c8:33:fd:66:77:aa:9b:52:2d:ea:b2:bf:59:38:
+        c9:b1:0e:b2:37:c3:32:3e:11:32:98:50:a3:97:aa:b8:5e:23:
+        b6:83:d7:da:57:97:b5:30:28:ee:2a:49:e4:42:e6:1f:32:4f:
+        b8:3c:14:7b:17:24:38:70:64:a3:21:c8:1e:65:59:d4:66:9c:
+        4c:05:d3:23:1b:97:f6:d4:9c:a9:cf:12:42:77:a5:3d:b4:8a:
+        f5:5e:00:7d:e9:ff:39:23:13:0d:6a:5b:b6:d4:36:eb:d9:b6:
+        6a:2f:f1:42:7c:59:d7:24:54:7f:b1:1b:63:ca:8e:67:28:d1:
+        d8:8c:50:d5:4e:5e:e7:3f:b9:53:5b:3b:1f:a3:8c:86:1e:96:
+        07:dc:5e:e0:31:e5:fb:c2:3e:8b:8d:52:21:3e:1c:eb:ad:24:
+        cd:44:5c:1d:6a:28:cc:d8:eb:0e:68:79:6b:c3:7e:09:b2:7e:
+        32:7d:c9:7b:fa:8f:46:79:5e:e1:ad:c6:cc:18:b2:04:f9:5a:
+        7a:bb:ca:2d
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIRAPEcEeJ8E6GOPYv9ABBtPqkwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjUxMDA2MTcyNjM1WhcNMjgwMTA5
+MTcyNjM1WjARMQ8wDQYDVQQDDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC7Lq5e5p3Q7OFjbciopQhfy2C5jRRZGCJGEcvv+gapQAXvhnum
+lh5F8OJe0Ya1leCpHL3Cgk7AWK8pw2n9w6Ezreug1OpUcxzzoZxKAQLJIIQRjFkN
+m8d4Svox14UZKAWwKRg9c56mr9tNGpzQp50KiKP+VGDzl/LowcpJi2rOQEe0DRY3
+HdIjmzpa3MufLtzJB2znvLv5EXMb4hgjvgdKntAZuKF1FWTLst8KoCReXQ8xrThd
+Q0olTfAioa3rRt/Zf7/QY1Cvo6gnmCS7rOm25d+pCLkEwEGDfAuNy2gkUdaMFSFT
++PW0sD4c7zND8P/fgS37tQBSw+cI0kETlgJLAgMBAAGjgbUwgbIwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUD9OhqwSYl+jAVhEYjRfruvlN1IMwUQYDVR0jBEowSIAU3Rah
+1IIYFLODdRdNg2eT+03yWLehGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR3
+gg2oZOtFfy2k2MgtV8un8Vb0mjATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E
+BAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IBAQBhc8it
+QnXI79GjhgbS08qM3dfEhXG5vASegtMTstDq2UALoABL38eVIEPRD6jJTaoOhH/N
+hhSz/B0EyDP9Zneqm1It6rK/WTjJsQ6yN8MyPhEymFCjl6q4XiO2g9faV5e1MCju
+KknkQuYfMk+4PBR7FyQ4cGSjIcgeZVnUZpxMBdMjG5f21JypzxJCd6U9tIr1XgB9
+6f85IxMNalu21Dbr2bZqL/FCfFnXJFR/sRtjyo5nKNHYjFDVTl7nP7lTWzsfo4yG
+HpYH3F7gMeX7wj6LjVIhPhzrrSTNRFwdaijM2OsOaHlrw34Jsn4yfcl7+o9GeV7h
+rcbMGLIE+Vp6u8ot
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7Lq5e5p3Q7OFj
+bciopQhfy2C5jRRZGCJGEcvv+gapQAXvhnumlh5F8OJe0Ya1leCpHL3Cgk7AWK8p
+w2n9w6Ezreug1OpUcxzzoZxKAQLJIIQRjFkNm8d4Svox14UZKAWwKRg9c56mr9tN
+GpzQp50KiKP+VGDzl/LowcpJi2rOQEe0DRY3HdIjmzpa3MufLtzJB2znvLv5EXMb
+4hgjvgdKntAZuKF1FWTLst8KoCReXQ8xrThdQ0olTfAioa3rRt/Zf7/QY1Cvo6gn
+mCS7rOm25d+pCLkEwEGDfAuNy2gkUdaMFSFT+PW0sD4c7zND8P/fgS37tQBSw+cI
+0kETlgJLAgMBAAECggEAEng7YccvsKXZt43loX5nTSHW8Xgnly2idCIywAMpFRo+
+0QZcEnFNm2khbRRk+RXzjRGg8nMZLNw+AcjzycO77EraV+GqcvAeMzaxzTuRosw/
+5oYKuM+zkahpoka52Lmc62eiqgL2l0v9lPtt7cjG3iXiyKhayK59nCntuUQLIz6u
+kSCTV8+d0e59VOfH9U/D3GXBTEwmdgweIATwEI+iToitX5fHtv6vgxkUiKpQW5mr
+ovRKhRGbPvwc9WO3qTEiT+5RZaVpjRX1rMYejnllQo5jFLFqZ2r9wWfjiWTvLAAr
+0tlI6qXve+UMd+69Fwq04KNFWgoT1UtYMu3pCrPegQKBgQDnGj38p8Edkinl2Np3
+xcT7asVGcOOfTiG2LhxjvpdLE7HbhJiOB/MAIfO6LbuHHrvDBSUAdAp5H1JzOIvR
+F9piTCb66NdGW0TNNfjPDoBTP5vhMHwGB1p9A4Ysueob8HVJWKNV+8gchyNIqHqh
+62cztcjBKo4ujOEM2m6awV4cYwKBgQDPWSFe5vidtFIBgNtJTVZN1PUSbkro2lbs
+RSqEkRRAxg/ZVeXUjo6NjW5mWdMMtE6QL+nBukrbIme/yM4WlnrrgsPd+mKVlEII
+H7XmVSIYKC43xwTexGOOl5hagFugnoKdjMNap4RffgY9rTqfr22PwHbXi9ET4f/g
+el3lvh/i+QKBgHaOsuAr21llQ5NDtYgecFiexMfHYC64sXi5nRzaiNkeKG86Td0H
+XPVjdZq8nWjLLn305K+f2EOc+vpbNvc0qnclJBYyX0YbymcQWi02/kQ27KwQ6H9b
+RGO/7BSD6AMfT7wp+dlBir5/4W0D6a2pi08u4eefAkQFR+sFIBrKOpKLAoGBAMef
+QOB0L9DsxLLL0tKMkVVXfCYlZxss8diAcoG0hzIhPSr5Zs6v/JBNJIeHXQfzI1vv
+tPYdG2pDgm0Cr17Ruz+34kh4gacOWFAn72D0f2GQdYafpZGus0aZrkUbJJvLX2a9
+GWrSsj+ZPfrtJu6L30gxfHjiFAU3ZLhCNtozo9FJAoGBAMKDchAFjYTsz1+bqdCd
+k5hOGJzIIbOpnrL3aPhzrzyc1G+QS7D5rxAL5AxlQgFlU/Z3c6t57jsKv0CqC4dg
+KkyxTdvRr8NZ2piMdAbJ6PeF2qRjmThGHT/K9Y/LyeQ0DJrppJ+IkwmNR9jtMmDq
+gRCWnkwSGjoAPmcA4eGMGpRD
+-----END PRIVATE KEY-----
+</key>
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUd4INqGTrRX8tpNjILVfLp/FW9JowDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjUxMDA2MTcyNjM1WhcNMzUx
+MDA0MTcyNjM1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL0DDWBsUoqQdvX8UytBHfSZYUmPL/dvyYQt/STT
+7cZKsl0OqV2EzqhGJYPmPHcKiBoeEoqaBsHnLa/c6PbGWrvztFXHotYOMW0Jigv2
+KKotB2GT9k7mhrOcUMuu6J6SossJtlekebQkIBXj7N31m+Zs/k5kayeaScg8cCYW
+o7SwP2afUZ7vSsxisAgEnKsq0fousPguGdT5Ooh0TAUEKl/PR69pGMaXD1MQl5wv
+dcJV3X2GhcXpJbAGuhBjcZB/LCFjtlQ+9IDvhcN4rhWNa0LsMoL3sPh/dsdt0G2c
+bxc4+OuLQ42eWcAV0RsTMGofTULcRuXcA3XvTRllgCWplbUCAwEAAaOBkDCBjTAM
+BgNVHRMEBTADAQH/MB0GA1UdDgQWBBTdFqHUghgUs4N1F02DZ5P7TfJYtzBRBgNV
+HSMESjBIgBTdFqHUghgUs4N1F02DZ5P7TfJYt6EapBgwFjEUMBIGA1UEAwwLRWFz
+eS1SU0EgQ0GCFHeCDahk60V/LaTYyC1Xy6fxVvSaMAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAP0X9x4SQFXaR7FEYwjAQ+uX1EtWQP+GhA3MKQI7scQL6
+TxMc/103x7Ty3Sb0tbG9iOMb5v9rXqiLFyzxqZAh4yiLnsJDwe/OlozfkVcGhXcl
+L67q56je+D/PptD6UoWBYvLPPdu8DNaa/0aVsyE0hXIrjnNYNz8Kb9YXLmbxp051
+/5GxpMdonyEOIxQv40lITDH0Ynlx0QiPF0bqDYT5nsMGx8gRTStKL+WMQGi0CHGe
+PoyOFdR0JdJcR6vvr8b+32fHeIZrpwTrqUoUJuR0HtFrhhIF7es9bmw3px1mMd1M
+OJ+fp9iYT1JcKtB6WeV+TOTkfsFzdg+EIqG4os+ZzA==
+-----END CERTIFICATE-----
+</ca>
+

etc/openvpn/easy-rsa/pki/issued/emy-laptop.crt

@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            1a:d4:95:e0:82:c3:d1:97:26:25:51:55:73:00:3d:fe
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Oct  6 17:26:35 2025 GMT
+            Not After : Jan  9 17:26:35 2028 GMT
+        Subject: CN=emy-laptop
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e4:5c:37:61:fa:ac:b0:8a:93:3d:b4:9a:3b:5c:
+                    92:85:da:27:6e:06:d5:c8:3e:fd:a5:68:68:94:7f:
+                    74:c8:b0:b2:8d:f8:d5:b8:17:1f:af:b3:18:23:c3:
+                    09:a0:7c:20:f9:67:67:4c:18:e4:ba:a3:16:b9:8d:
+                    7c:cd:ea:86:0e:42:24:00:db:cb:84:c7:7d:b9:5e:
+                    9c:2c:3d:7e:84:2f:cd:31:72:39:c4:be:ea:53:ce:
+                    62:95:fc:c3:12:ee:e8:28:6c:81:82:17:61:59:c7:
+                    cd:81:58:ad:13:f3:08:d0:99:62:65:e1:34:0e:e0:
+                    00:77:96:45:63:f8:b6:c1:7e:4f:2e:f9:fd:00:4c:
+                    d3:c1:51:0f:d5:44:9c:40:22:64:be:3b:7c:b0:4c:
+                    71:52:05:57:a1:02:f5:b0:95:10:03:c9:be:48:2c:
+                    f6:79:d4:46:1f:33:1a:67:c3:de:02:a0:06:50:74:
+                    20:0b:32:62:ab:28:1b:e9:37:5c:22:b7:81:03:0e:
+                    0d:a6:e9:2d:4a:30:e0:3a:48:6e:93:55:15:30:fd:
+                    fe:9e:03:26:45:ff:05:4c:d0:f9:ad:74:7c:c5:7b:
+                    5e:91:71:a3:96:a2:d3:94:81:80:50:7c:4d:d5:01:
+                    ec:0f:72:15:4c:f9:58:79:70:70:9b:aa:a5:2b:4e:
+                    e3:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                34:04:A6:AE:98:9D:F5:BA:A9:32:EA:B3:70:7E:4D:02:BE:61:A2:5A
+            X509v3 Authority Key Identifier: 
+                keyid:DD:16:A1:D4:82:18:14:B3:83:75:17:4D:83:67:93:FB:4D:F2:58:B7
+                DirName:/CN=Easy-RSA CA
+                serial:77:82:0D:A8:64:EB:45:7F:2D:A4:D8:C8:2D:57:CB:A7:F1:56:F4:9A
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        64:e4:69:7d:d8:2e:8d:20:fd:b2:59:5e:f8:13:41:85:a2:d3:
+        01:2e:84:d7:8c:50:d0:42:fd:c7:e6:3b:5c:b7:fc:77:a6:93:
+        92:54:63:ed:6e:90:24:c4:93:e6:d1:fb:ee:65:7e:4b:98:fb:
+        44:41:0f:7d:a3:5c:cd:44:69:8c:f9:69:0e:4c:77:1e:cb:0b:
+        13:08:22:f4:93:51:89:da:0d:a4:60:e8:6c:3c:a9:7a:a6:6d:
+        92:d1:33:5c:30:bc:43:54:67:85:ae:26:4f:17:d4:40:da:d4:
+        32:96:30:ef:8b:30:7c:04:36:b8:a8:e5:a3:46:97:99:77:c3:
+        77:1e:5c:12:f3:f6:db:b3:49:3a:d7:e9:02:3f:67:58:9a:54:
+        6f:1a:c2:59:52:8c:4a:5f:bd:41:02:d7:ef:99:75:06:64:6b:
+        6a:68:94:f5:3e:04:67:a8:3e:1f:c0:8b:97:e4:cf:72:04:a9:
+        dd:53:24:b9:62:10:90:c3:ab:e1:f4:c5:4e:f5:e5:de:27:85:
+        11:54:8e:11:68:f8:1c:d0:d5:0a:af:a0:64:27:76:0b:51:67:
+        09:4a:d7:21:ee:b4:44:87:34:e6:73:00:e0:64:92:52:ab:6f:
+        1e:8d:de:84:e9:fb:d9:a5:b8:52:48:6f:01:6c:ed:7b:de:8d:
+        b7:9d:9a:56
+-----BEGIN CERTIFICATE-----
+MIIDWDCCAkCgAwIBAgIQGtSV4ILD0ZcmJVFVcwA9/jANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNTEwMDYxNzI2MzVaFw0yODAxMDkx
+NzI2MzVaMBUxEzARBgNVBAMMCmVteS1sYXB0b3AwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDkXDdh+qywipM9tJo7XJKF2iduBtXIPv2laGiUf3TIsLKN
++NW4Fx+vsxgjwwmgfCD5Z2dMGOS6oxa5jXzN6oYOQiQA28uEx325XpwsPX6EL80x
+cjnEvupTzmKV/MMS7ugobIGCF2FZx82BWK0T8wjQmWJl4TQO4AB3lkVj+LbBfk8u
++f0ATNPBUQ/VRJxAImS+O3ywTHFSBVehAvWwlRADyb5ILPZ51EYfMxpnw94CoAZQ
+dCALMmKrKBvpN1wit4EDDg2m6S1KMOA6SG6TVRUw/f6eAyZF/wVM0PmtdHzFe16R
+caOWotOUgYBQfE3VAewPchVM+Vh5cHCbqqUrTuOJAgMBAAGjgaIwgZ8wCQYDVR0T
+BAIwADAdBgNVHQ4EFgQUNASmrpid9bqpMuqzcH5NAr5holowUQYDVR0jBEowSIAU
+3Rah1IIYFLODdRdNg2eT+03yWLehGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB
+ghR3gg2oZOtFfy2k2MgtV8un8Vb0mjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV
+HQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGTkaX3YLo0g/bJZXvgTQYWi0wEu
+hNeMUNBC/cfmO1y3/Hemk5JUY+1ukCTEk+bR++5lfkuY+0RBD32jXM1EaYz5aQ5M
+dx7LCxMIIvSTUYnaDaRg6Gw8qXqmbZLRM1wwvENUZ4WuJk8X1EDa1DKWMO+LMHwE
+Nrio5aNGl5l3w3ceXBLz9tuzSTrX6QI/Z1iaVG8awllSjEpfvUEC1++ZdQZka2po
+lPU+BGeoPh/Ai5fkz3IEqd1TJLliEJDDq+H0xU715d4nhRFUjhFo+BzQ1QqvoGQn
+dgtRZwlK1yHutESHNOZzAOBkklKrbx6N3oTp+9mluFJIbwFs7XvejbedmlY=
+-----END CERTIFICATE-----

etc/openvpn/easy-rsa/pki/issued/server.crt

@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            f1:1c:11:e2:7c:13:a1:8e:3d:8b:fd:00:10:6d:3e:a9
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Oct  6 17:26:35 2025 GMT
+            Not After : Jan  9 17:26:35 2028 GMT
+        Subject: CN=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bb:2e:ae:5e:e6:9d:d0:ec:e1:63:6d:c8:a8:a5:
+                    08:5f:cb:60:b9:8d:14:59:18:22:46:11:cb:ef:fa:
+                    06:a9:40:05:ef:86:7b:a6:96:1e:45:f0:e2:5e:d1:
+                    86:b5:95:e0:a9:1c:bd:c2:82:4e:c0:58:af:29:c3:
+                    69:fd:c3:a1:33:ad:eb:a0:d4:ea:54:73:1c:f3:a1:
+                    9c:4a:01:02:c9:20:84:11:8c:59:0d:9b:c7:78:4a:
+                    fa:31:d7:85:19:28:05:b0:29:18:3d:73:9e:a6:af:
+                    db:4d:1a:9c:d0:a7:9d:0a:88:a3:fe:54:60:f3:97:
+                    f2:e8:c1:ca:49:8b:6a:ce:40:47:b4:0d:16:37:1d:
+                    d2:23:9b:3a:5a:dc:cb:9f:2e:dc:c9:07:6c:e7:bc:
+                    bb:f9:11:73:1b:e2:18:23:be:07:4a:9e:d0:19:b8:
+                    a1:75:15:64:cb:b2:df:0a:a0:24:5e:5d:0f:31:ad:
+                    38:5d:43:4a:25:4d:f0:22:a1:ad:eb:46:df:d9:7f:
+                    bf:d0:63:50:af:a3:a8:27:98:24:bb:ac:e9:b6:e5:
+                    df:a9:08:b9:04:c0:41:83:7c:0b:8d:cb:68:24:51:
+                    d6:8c:15:21:53:f8:f5:b4:b0:3e:1c:ef:33:43:f0:
+                    ff:df:81:2d:fb:b5:00:52:c3:e7:08:d2:41:13:96:
+                    02:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                0F:D3:A1:AB:04:98:97:E8:C0:56:11:18:8D:17:EB:BA:F9:4D:D4:83
+            X509v3 Authority Key Identifier: 
+                keyid:DD:16:A1:D4:82:18:14:B3:83:75:17:4D:83:67:93:FB:4D:F2:58:B7
+                DirName:/CN=Easy-RSA CA
+                serial:77:82:0D:A8:64:EB:45:7F:2D:A4:D8:C8:2D:57:CB:A7:F1:56:F4:9A
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        61:73:c8:ad:42:75:c8:ef:d1:a3:86:06:d2:d3:ca:8c:dd:d7:
+        c4:85:71:b9:bc:04:9e:82:d3:13:b2:d0:ea:d9:40:0b:a0:00:
+        4b:df:c7:95:20:43:d1:0f:a8:c9:4d:aa:0e:84:7f:cd:86:14:
+        b3:fc:1d:04:c8:33:fd:66:77:aa:9b:52:2d:ea:b2:bf:59:38:
+        c9:b1:0e:b2:37:c3:32:3e:11:32:98:50:a3:97:aa:b8:5e:23:
+        b6:83:d7:da:57:97:b5:30:28:ee:2a:49:e4:42:e6:1f:32:4f:
+        b8:3c:14:7b:17:24:38:70:64:a3:21:c8:1e:65:59:d4:66:9c:
+        4c:05:d3:23:1b:97:f6:d4:9c:a9:cf:12:42:77:a5:3d:b4:8a:
+        f5:5e:00:7d:e9:ff:39:23:13:0d:6a:5b:b6:d4:36:eb:d9:b6:
+        6a:2f:f1:42:7c:59:d7:24:54:7f:b1:1b:63:ca:8e:67:28:d1:
+        d8:8c:50:d5:4e:5e:e7:3f:b9:53:5b:3b:1f:a3:8c:86:1e:96:
+        07:dc:5e:e0:31:e5:fb:c2:3e:8b:8d:52:21:3e:1c:eb:ad:24:
+        cd:44:5c:1d:6a:28:cc:d8:eb:0e:68:79:6b:c3:7e:09:b2:7e:
+        32:7d:c9:7b:fa:8f:46:79:5e:e1:ad:c6:cc:18:b2:04:f9:5a:
+        7a:bb:ca:2d
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIRAPEcEeJ8E6GOPYv9ABBtPqkwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjUxMDA2MTcyNjM1WhcNMjgwMTA5
+MTcyNjM1WjARMQ8wDQYDVQQDDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC7Lq5e5p3Q7OFjbciopQhfy2C5jRRZGCJGEcvv+gapQAXvhnum
+lh5F8OJe0Ya1leCpHL3Cgk7AWK8pw2n9w6Ezreug1OpUcxzzoZxKAQLJIIQRjFkN
+m8d4Svox14UZKAWwKRg9c56mr9tNGpzQp50KiKP+VGDzl/LowcpJi2rOQEe0DRY3
+HdIjmzpa3MufLtzJB2znvLv5EXMb4hgjvgdKntAZuKF1FWTLst8KoCReXQ8xrThd
+Q0olTfAioa3rRt/Zf7/QY1Cvo6gnmCS7rOm25d+pCLkEwEGDfAuNy2gkUdaMFSFT
++PW0sD4c7zND8P/fgS37tQBSw+cI0kETlgJLAgMBAAGjgbUwgbIwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUD9OhqwSYl+jAVhEYjRfruvlN1IMwUQYDVR0jBEowSIAU3Rah
+1IIYFLODdRdNg2eT+03yWLehGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR3
+gg2oZOtFfy2k2MgtV8un8Vb0mjATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E
+BAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IBAQBhc8it
+QnXI79GjhgbS08qM3dfEhXG5vASegtMTstDq2UALoABL38eVIEPRD6jJTaoOhH/N
+hhSz/B0EyDP9Zneqm1It6rK/WTjJsQ6yN8MyPhEymFCjl6q4XiO2g9faV5e1MCju
+KknkQuYfMk+4PBR7FyQ4cGSjIcgeZVnUZpxMBdMjG5f21JypzxJCd6U9tIr1XgB9
+6f85IxMNalu21Dbr2bZqL/FCfFnXJFR/sRtjyo5nKNHYjFDVTl7nP7lTWzsfo4yG
+HpYH3F7gMeX7wj6LjVIhPhzrrSTNRFwdaijM2OsOaHlrw34Jsn4yfcl7+o9GeV7h
+rcbMGLIE+Vp6u8ot
+-----END CERTIFICATE-----

etc/openvpn/easy-rsa/pki/openssl-easyrsa.cnf

@@ -0,0 +1,149 @@
+# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::EASYRSA_PKI	# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir/certs_by_serial	# default place for new certs.
+
+certificate	= $dir/ca.crt		# The CA certificate
+serial		= $dir/serial		# The current serial number
+crl		= $dir/crl.pem		# The current CRL
+private_key	= $dir/private/ca.key	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= basic_exts		# The extensions to add to the cert
+
+# A placeholder to handle the --copy-ext feature:
+#%COPY_EXTS%	# Do NOT remove or change this line as --copy-ext support requires it
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions	= crl_ext
+
+default_days	= $ENV::EASYRSA_CERT_EXPIRE	# how long to certify for
+default_crl_days	= $ENV::EASYRSA_CRL_DAYS	# how long before next CRL
+default_md	= $ENV::EASYRSA_DIGEST		# use public key default MD
+
+# Note: preserve=no|yes, does nothing for EasyRSA.
+# Use sign-req command option 'preserve' instead.
+preserve	= no			# keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject	= no
+
+# A few different ways of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+serialNumber	= optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits		= $ENV::EASYRSA_KEY_SIZE
+default_keyfile	= privkey.pem
+default_md		= $ENV::EASYRSA_DIGEST
+distinguished_name	= $ENV::EASYRSA_DN
+x509_extensions		= easyrsa_ca	# The extensions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS%	# Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName		= Common Name (eg: your user, host, or server name)
+commonName_max		= 64
+commonName_default	= $ENV::EASYRSA_REQ_CN
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::EASYRSA_REQ_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::EASYRSA_REQ_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::EASYRSA_REQ_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::EASYRSA_REQ_ORG
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= $ENV::EASYRSA_REQ_OU
+
+commonName			= Common Name (eg: your user, host, or server name)
+commonName_max			= 64
+commonName_default		= $ENV::EASYRSA_REQ_CN
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::EASYRSA_REQ_EMAIL
+emailAddress_max		= 64
+
+serialNumber		= Serial-number (eg, device serial-number)
+serialNumber_default	= $ENV::EASYRSA_REQ_SERIAL
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints	= CA:FALSE
+subjectKeyIdentifier	= hash
+authorityKeyIdentifier	= keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# A placeholder to handle the $X509_TYPES and CA extra extensions $EXTRA_EXTS:
+#%CA_X509_TYPES_EXTRA_EXTS%	# Do NOT remove or change this line as $X509_TYPES and EXTRA_EXTS demands it
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always

etc/openvpn/easy-rsa/pki/private/ca.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9Aw1gbFKKkHb1
+/FMrQR30mWFJjy/3b8mELf0k0+3GSrJdDqldhM6oRiWD5jx3CogaHhKKmgbB5y2v
+3Oj2xlq787RVx6LWDjFtCYoL9iiqLQdhk/ZO5oaznFDLruiekqLLCbZXpHm0JCAV
+4+zd9ZvmbP5OZGsnmknIPHAmFqO0sD9mn1Ge70rMYrAIBJyrKtH6LrD4LhnU+TqI
+dEwFBCpfz0evaRjGlw9TEJecL3XCVd19hoXF6SWwBroQY3GQfywhY7ZUPvSA74XD
+eK4VjWtC7DKC97D4f3bHbdBtnG8XOPjri0ONnlnAFdEbEzBqH01C3Ebl3AN1700Z
+ZYAlqZW1AgMBAAECggEAAjc2Ma5rZEjvwA/yaKQlhf/DSnG1gfzLO7OvTz51v9iR
+0THyDdDX/FSALZTmGg4jTM0T8hB+qki7uh9IktX968yeTVAfCkvVy/2r4tqCnQYU
+m1H49fFRXGslblHRU8SLyH4HZ20b6R7wSllm5i4yIugdrg0SzX7LRR/iP6wNxLk0
+AW25S/YzDP5CeL1qEbN2fwFbOcLSaLDPZk7JDhLCUbJQAgDZ7gt/LApQV78w0/GM
+MeE50uHTGBtsWNE/oa9dWptjXW2Ee5poTwQHeBWXA/29gMV0oGBXx41J3ttX7TP4
+U1TL9hIgiLW3WEOGOJv0x0pYdxrG443AfnTnJ4GxGQKBgQD0fZGZUJMEd8lKoWzL
+eP/MIYTO7rUMrdUqtOVPDjck6LpYHfXCpi1jFL2t+L1GOjpjBoB8+RGn5V4tzZUH
+H5X+Qu9jxJa7PH5/um/XBaGEFJWxij3R97hakrBW58YBGXpKCp02raQcBCXlPG0z
+D30mjB9y+3oRH/nNJRt0VXzazQKBgQDF6OTTJvU4hVAugIoNTftOVVa/7Pdeye53
+QODB3R8H0AJKWZlYqQ82mkx0KA7xbH27zRr1r+KUOUiC2bmwhhJnHBqHGvv56hc/
+tXL6Lfmy1nKpyav+Ny/bgxvNnReQYZSFSrAjvrV6hMnVDO1OCISIGZSsHJ5t2h54
+eHJ++PZ2iQKBgQDlB/BqD/n5OIF/gSLapTnzLv8rnqBKBVnojNc3LJjp4X4W59H+
+iw9/fsGFhLtCW2+wrjmVWPl6L7r+61QM/UDUlD2PV2zgb3YND0iPxD2e7m2giGEL
+HaU8a6f3cV2iUAyn6bOGsjlG6Xfae7XMHFlfz+nyG7Qo8Kxgyb8jRqYUjQKBgQDB
+UEbLVZ9r8RQsCBRRAJ37mvIckIvkg9wxkia4VpPr3quOEkzuRFx+2mLZhxNpkK6U
+FblCyOXKINYKMj/mBF/PZa0n0RzVtWm2Kje/1c60eDISVNJyg1d01HEA+3Q77ITV
+WeoJUEwV+8TmHTVi5oEGK+6D24SJCuh+hjBYhDjB+QKBgG76WcH8uKX3gngZ6MO7
+qc9TwArnQiXnUjfFh0NijUaqUI/rJF8JEAdK7b6+IRgTK0JjiWS5oFYm9a12y7XP
+TgotywoVy0OkI1Risv9ZqQB1ZnDwUqNr72cfPWGAypA2x3pJUeWNedT49/FCBpSE
+8vBCo8Pva2XXJMg6dLNnJ/cn
+-----END PRIVATE KEY-----

etc/openvpn/easy-rsa/pki/private/emy-laptop.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDkXDdh+qywipM9
+tJo7XJKF2iduBtXIPv2laGiUf3TIsLKN+NW4Fx+vsxgjwwmgfCD5Z2dMGOS6oxa5
+jXzN6oYOQiQA28uEx325XpwsPX6EL80xcjnEvupTzmKV/MMS7ugobIGCF2FZx82B
+WK0T8wjQmWJl4TQO4AB3lkVj+LbBfk8u+f0ATNPBUQ/VRJxAImS+O3ywTHFSBVeh
+AvWwlRADyb5ILPZ51EYfMxpnw94CoAZQdCALMmKrKBvpN1wit4EDDg2m6S1KMOA6
+SG6TVRUw/f6eAyZF/wVM0PmtdHzFe16RcaOWotOUgYBQfE3VAewPchVM+Vh5cHCb
+qqUrTuOJAgMBAAECggEAZtN3RLEhbWUYo+JcyHoIqCjxNEPzo3VptT9sR+GUboHS
+BMeVRI11ASJ9riy2ewMpvePnyYY0CC5Dn02scvQ1ZNo3aAOQgrtpSzzkya7u9wqn
+NKqghI0K6q22Cp+EH1RgSUOClVd9yHWFfca2OJNo1rUab5GWZVRMIY0Stc9aS4mA
+lFG7aw5LJ7NP+Jh4E9XFjzr9IyraV+7h+G0qAZLE8qsA4j8vbtlApojAf9cKPFCc
+MYUeqVjqNx+fBb7E3t13+ffCG2Y/DNinxFMpV7kN7t+fYubZovZsZXdFEYatHCP5
+fMKDwBQYUfmK/pQmDip/HhlOJ8t11uQxQ5UPe3GKeQKBgQD9j9IOunGIPcN5xhZW
+36Y/ZqD/e9hjnqc3LKwFwcElPaXphA/zv1m83tesr+uMRNJIJ1FL+tVv8QtcIGrC
+Ha7oYlbK1mAN6HrVa8tvNZ0wEwRTgdyVtwRnCgBm2ONp7IGW2wX9oK89C3vwky4p
+c1Pm9QLKGqIQryFyolIJcJmgLwKBgQDmjlvB9DolWASKfNRJrVRigoFhX8JXWETv
+clEwzGGX1AmrzyFIE4fQMpYdZk3C2hyTuKlgXqZyXvlRr7rvFxMe0WcEMC7zUgd6
+YFMifgVL6rE/PXpgy6JdMwMBaaP6yxYUz1FbyL0WixZq1bllBm5Z+Xu7RLfNS71a
+urWqLXPRxwKBgQCYOazBXNtmELZ3OB4XP6O+Mm37k61geVIoRLBtsFm1cuJVZAxz
+qHBGfH581QyTpImd+cTL2aYj01GfmHKfYVStfMRgd/0ovGZqFJIIjOZ2gyQ4wiDc
+3QhOl+mP1SwKXouaNpnNH5e1DVz2HFY9WliHspZfIUgkvg9Vk++ubSQ9zwKBgGCR
+XAl+/CPMHArNgjVh7ihctUhNzZ68EBOi9DLWSEJJw8s8tJn15DrmFU43HXbx2Gpf
+PEJrIphhA1idnFSse4u69cUhUWkFALDXS7r0wc8sfBUa8Pk+EcGrriSXVOGk0pjg
+xRkGmXypwTf6UO7ppKr2/kZP4BSTFrq73X9sDkjdAoGBAPpMwaZ8MpLia/WBP7+z
+1A3zUKIjUFysmtacYEUEIRvgivfWkQpCpFjrJN0hwrib2Agzl7fGRpD9tu6/iDFo
+y1ZsWNb5x3StniIFHR+zgWU9+Gd3XMBw4uivWi0cppaYBi8ndNlY59OOL1o8rldJ
+RjRKcYht2Pscsbze8xPJVLt8
+-----END PRIVATE KEY-----

etc/openvpn/easy-rsa/pki/private/server.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7Lq5e5p3Q7OFj
+bciopQhfy2C5jRRZGCJGEcvv+gapQAXvhnumlh5F8OJe0Ya1leCpHL3Cgk7AWK8p
+w2n9w6Ezreug1OpUcxzzoZxKAQLJIIQRjFkNm8d4Svox14UZKAWwKRg9c56mr9tN
+GpzQp50KiKP+VGDzl/LowcpJi2rOQEe0DRY3HdIjmzpa3MufLtzJB2znvLv5EXMb
+4hgjvgdKntAZuKF1FWTLst8KoCReXQ8xrThdQ0olTfAioa3rRt/Zf7/QY1Cvo6gn
+mCS7rOm25d+pCLkEwEGDfAuNy2gkUdaMFSFT+PW0sD4c7zND8P/fgS37tQBSw+cI
+0kETlgJLAgMBAAECggEAEng7YccvsKXZt43loX5nTSHW8Xgnly2idCIywAMpFRo+
+0QZcEnFNm2khbRRk+RXzjRGg8nMZLNw+AcjzycO77EraV+GqcvAeMzaxzTuRosw/
+5oYKuM+zkahpoka52Lmc62eiqgL2l0v9lPtt7cjG3iXiyKhayK59nCntuUQLIz6u
+kSCTV8+d0e59VOfH9U/D3GXBTEwmdgweIATwEI+iToitX5fHtv6vgxkUiKpQW5mr
+ovRKhRGbPvwc9WO3qTEiT+5RZaVpjRX1rMYejnllQo5jFLFqZ2r9wWfjiWTvLAAr
+0tlI6qXve+UMd+69Fwq04KNFWgoT1UtYMu3pCrPegQKBgQDnGj38p8Edkinl2Np3
+xcT7asVGcOOfTiG2LhxjvpdLE7HbhJiOB/MAIfO6LbuHHrvDBSUAdAp5H1JzOIvR
+F9piTCb66NdGW0TNNfjPDoBTP5vhMHwGB1p9A4Ysueob8HVJWKNV+8gchyNIqHqh
+62cztcjBKo4ujOEM2m6awV4cYwKBgQDPWSFe5vidtFIBgNtJTVZN1PUSbkro2lbs
+RSqEkRRAxg/ZVeXUjo6NjW5mWdMMtE6QL+nBukrbIme/yM4WlnrrgsPd+mKVlEII
+H7XmVSIYKC43xwTexGOOl5hagFugnoKdjMNap4RffgY9rTqfr22PwHbXi9ET4f/g
+el3lvh/i+QKBgHaOsuAr21llQ5NDtYgecFiexMfHYC64sXi5nRzaiNkeKG86Td0H
+XPVjdZq8nWjLLn305K+f2EOc+vpbNvc0qnclJBYyX0YbymcQWi02/kQ27KwQ6H9b
+RGO/7BSD6AMfT7wp+dlBir5/4W0D6a2pi08u4eefAkQFR+sFIBrKOpKLAoGBAMef
+QOB0L9DsxLLL0tKMkVVXfCYlZxss8diAcoG0hzIhPSr5Zs6v/JBNJIeHXQfzI1vv
+tPYdG2pDgm0Cr17Ruz+34kh4gacOWFAn72D0f2GQdYafpZGus0aZrkUbJJvLX2a9
+GWrSsj+ZPfrtJu6L30gxfHjiFAU3ZLhCNtozo9FJAoGBAMKDchAFjYTsz1+bqdCd
+k5hOGJzIIbOpnrL3aPhzrzyc1G+QS7D5rxAL5AxlQgFlU/Z3c6t57jsKv0CqC4dg
+KkyxTdvRr8NZ2piMdAbJ6PeF2qRjmThGHT/K9Y/LyeQ0DJrppJ+IkwmNR9jtMmDq
+gRCWnkwSGjoAPmcA4eGMGpRD
+-----END PRIVATE KEY-----

etc/openvpn/easy-rsa/pki/reqs/emy-laptop.req

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICWjCCAUICAQAwFTETMBEGA1UEAwwKZW15LWxhcHRvcDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAORcN2H6rLCKkz20mjtckoXaJ24G1cg+/aVoaJR/
+dMiwso341bgXH6+zGCPDCaB8IPlnZ0wY5LqjFrmNfM3qhg5CJADby4THfblenCw9
+foQvzTFyOcS+6lPOYpX8wxLu6ChsgYIXYVnHzYFYrRPzCNCZYmXhNA7gAHeWRWP4
+tsF+Ty75/QBM08FRD9VEnEAiZL47fLBMcVIFV6EC9bCVEAPJvkgs9nnURh8zGmfD
+3gKgBlB0IAsyYqsoG+k3XCK3gQMODabpLUow4DpIbpNVFTD9/p4DJkX/BUzQ+a10
+fMV7XpFxo5ai05SBgFB8TdUB7A9yFUz5WHlwcJuqpStO44kCAwEAAaAAMA0GCSqG
+SIb3DQEBCwUAA4IBAQAp3yWupAC5IN3xA54s63ORX6AsguqfesOMmKk0Sc3JINbW
+dSbTCKyD2S7h6gjuinNrXPE8tM7W6ljtOLH0sfOpCK74PrNv6SIOOxjfxwwQf4Z1
+f+iE6QFzm5coJfh2RZpRQQsnUDssiaLDSWERXYNrDBca5Yh5GCJA4jOnh6nlATzK
+Mpx5YKmDGIEOTX+mLfrYZgI9Lz41T0+85+AOK3IIuX5M01tS86D1MXYiWGR/kD0y
+MtR7R5AcnN02eHaWK2md6OFZFq9iPxd1A7sQ+fSS9h5clHaRH6P0ZlcMRm05yEQx
+PdaW6H5ts3/f/HKqvf6B9DwT3LeIsYK49SJfxiiw
+-----END CERTIFICATE REQUEST-----

etc/openvpn/easy-rsa/pki/reqs/server.req

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVjCCAT4CAQAwETEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuy6uXuad0OzhY23IqKUIX8tguY0UWRgiRhHL7/oGqUAF
+74Z7ppYeRfDiXtGGtZXgqRy9woJOwFivKcNp/cOhM63roNTqVHMc86GcSgECySCE
+EYxZDZvHeEr6MdeFGSgFsCkYPXOepq/bTRqc0KedCoij/lRg85fy6MHKSYtqzkBH
+tA0WNx3SI5s6WtzLny7cyQds57y7+RFzG+IYI74HSp7QGbihdRVky7LfCqAkXl0P
+Ma04XUNKJU3wIqGt60bf2X+/0GNQr6OoJ5gku6zptuXfqQi5BMBBg3wLjctoJFHW
+jBUhU/j1tLA+HO8zQ/D/34Et+7UAUsPnCNJBE5YCSwIDAQABoAAwDQYJKoZIhvcN
+AQELBQADggEBAGVTygl1lsBn+4Ikpr1VDcpSdHf+pLdsr7humX7JczvrtGglHS+t
+d7UFGms8YAULkpmHbufoykodcqW7+AqWiojEjblffw+spktuiySDuRTkNweUHNet
+8+3IHgzeRCVnGtzjAjBD/DsME78B8eJ9QdjhjJZfjnsU8mz/2G5BxBjxntL5VURt
+fhViQmHHgSLrNwHWQnhVC7PpjQukX2zzKeCtrJg8yRWmgkdooJwcjpiigz4IHHVg
+Ujx5oSP49rJ4+/gd+EsdDqTIH8JeVCfX7FXXfxlVZYPwCbAW5tl9mwp9+AZXyQC8
+hDOwaUZ92zM7pz+OHEt0wA4fR0Nv/RFGYOQ=
+-----END CERTIFICATE REQUEST-----

etc/openvpn/easy-rsa/pki/serial

@@ -0,0 +1 @@
+1AD495E082C3D1972625515573003DFF

etc/openvpn/easy-rsa/pki/serial.old

@@ -0,0 +1 @@
+1ad495e082c3d1972625515573003dfe

etc/openvpn/easy-rsa/vars.example

@@ -0,0 +1,231 @@
+# Easy-RSA 3 parameter settings
+
+# NOTE: If you installed Easy-RSA from your package manager, do not edit
+# this file in place -- instead, you should copy the entire easy-rsa directory
+# to another location so future upgrades do not wipe out your changes.
+
+# HOW TO USE THIS FILE
+#
+# vars.example contains built-in examples to Easy-RSA settings. You MUST name
+# this file "vars" if you want it to be used as a configuration file. If you
+# do not, it WILL NOT be automatically read when you call easyrsa commands.
+#
+# It is not necessary to use this config file unless you wish to change
+# operational defaults. These defaults should be fine for many uses without
+# the need to copy and edit the "vars" file.
+#
+# All of the editable settings are shown commented and start with the command
+# "set_var" -- this means any set_var command that is uncommented has been
+# modified by the user. If you are happy with a default, there is no need to
+# define the value to its default.
+
+# NOTES FOR WINDOWS USERS
+#
+# Paths for Windows  *MUST* use forward slashes, or optionally double-escaped
+# backslashes (single forward slashes are recommended.) This means your path
+# to the openssl binary might look like this:
+# "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
+
+# A little housekeeping: DO NOT EDIT THIS SECTION
+#
+# Easy-RSA 3.x does not source into the environment directly.
+# Complain if a user tries to do this:
+if [ -z "$EASYRSA_CALLER" ]; then
+	echo "You appear to be sourcing an Easy-RSA *vars* file. This is" >&2
+	echo "no longer necessary and is disallowed. See the section called" >&2
+	echo "*How to use this file* near the top comments for more details." >&2
+	return 1
+fi
+
+# DO YOUR EDITS BELOW THIS POINT
+
+# This variable is used as the base location of configuration files needed by
+# easyrsa.  More specific variables for specific files (eg: EASYRSA_SSL_CONF)
+# may override this default.
+#
+# The default value of this variable is the location of the easyrsa script
+# itself, which is also where the configuration files are located in the
+# easy-rsa tree.
+#
+#set_var EASYRSA	"${0%/*}"
+
+# If your OpenSSL command is not in the system PATH, you will need to define
+# the path here. Normally this means a full path to the executable, otherwise
+# you could have left it undefined here and the shown default would be used.
+#
+# Windows users, remember to use paths with forward-slashes (or escaped
+# back-slashes.) Windows users should declare the full path to the openssl
+# binary here if it is not in their system PATH.
+#
+#set_var EASYRSA_OPENSSL	"openssl"
+#
+# This sample is in Windows syntax -- edit it for your path if not using PATH:
+#set_var EASYRSA_OPENSSL	"C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
+
+# Edit this variable to point to your soon-to-be-created key directory.
+# By default, this will be "$PWD/pki" (ie: the "pki" subdirectory of the
+# directory you are currently in).
+#
+# WARNING: init-pki will do a rm -rf on this directory so make sure you define
+# it correctly!  Interactive mode will prompt before acting.
+#
+#set_var EASYRSA_PKI		"$PWD/pki"
+
+# Define directory for temporary subdirectories.
+#
+#set_var EASYRSA_TEMP_DIR	"$EASYRSA_PKI"
+
+# Define X509 DN mode.
+#
+# This is used to adjust which elements are included in the Subject field
+# as the DN ("Distinguished Name"). Note that in 'cn_only' mode the
+# Organizational fields, listed further below, are not used.
+#
+# Choices are:
+#   cn_only  - Use just a commonName value.
+#   org      - Use the "traditional" format:
+#              Country/Province/City/Org/Org.Unit/email/commonName
+#
+#set_var EASYRSA_DN	"cn_only"
+
+# Organizational fields (used with "org" mode and ignored in "cn_only" mode).
+# These are the default values for fields which will be placed in the
+# certificate.  Do not leave any of these fields blank, although interactively
+# you may omit any specific field by typing the "." symbol (not valid for
+# email).
+#
+# NOTE: The following characters are not supported
+#       in these "Organizational fields" by Easy-RSA:
+#       back-tick (`)
+#
+#set_var EASYRSA_REQ_COUNTRY	"US"
+#set_var EASYRSA_REQ_PROVINCE	"California"
+#set_var EASYRSA_REQ_CITY	"San Francisco"
+#set_var EASYRSA_REQ_ORG	"Copyleft Certificate Co"
+#set_var EASYRSA_REQ_EMAIL	"me@example.net"
+#set_var EASYRSA_REQ_OU		"My Organizational Unit"
+
+# Preserve the Distinguished Name field order
+# of the certificate signing request
+# *Only* effective in --dn-mode=org
+#
+#set_var EASYRSA_PRESERVE_DN	1
+
+# Set no password mode - This will create the entire PKI without passwords.
+# This can be better managed by choosing which entity private keys should be
+# encrypted with the following command line options:
+# Global option '--no-pass' or command option 'nopass'.
+#
+#set_var EASYRSA_NO_PASS	1
+
+# Choose a size in bits for your keypairs. The recommended value is 2048.
+# Using 2048-bit keys is considered more than sufficient for many years into
+# the future. Larger keysizes will slow down TLS negotiation and make key/DH
+# param generation take much longer. Values up to 4096 should be accepted by
+# most software. Only used when the crypto alg is rsa, see below.
+#
+#set_var EASYRSA_KEY_SIZE	2048
+
+# The default crypto mode is rsa; ec can enable elliptic curve support.
+# Note that not all software supports ECC, so use care when enabling it.
+# Choices for crypto alg are: (each in lower-case)
+#  * rsa
+#  * ec
+#  * ed
+#
+#set_var EASYRSA_ALGO		rsa
+
+# Define the named curve, used in ec & ed modes:
+#
+#set_var EASYRSA_CURVE		secp384r1
+
+# In how many days should the root CA key expire?
+#
+#set_var EASYRSA_CA_EXPIRE	3650
+
+# In how many days should certificates expire?
+#
+#set_var EASYRSA_CERT_EXPIRE	825
+
+# How many days until the next CRL publish date?  Note that the CRL can still
+# be parsed after this timeframe passes. It is only used for an expected next
+# publication date.
+#
+#set_var EASYRSA_CRL_DAYS	180
+
+# Random serial numbers by default.
+# Set to 'no' for the old incremental serial numbers.
+#
+#set_var EASYRSA_RAND_SN	"yes"
+
+# Cut-off window for checking expiring certificates.
+#
+#set_var EASYRSA_PRE_EXPIRY_WINDOW	90
+
+# Support deprecated "Netscape" extensions? (choices "yes" or "no").
+# The default is "no", to discourage use of deprecated extensions.
+# If you require this feature to use with --ns-cert-type, set this to "yes".
+# This support should be replaced with the more modern --remote-cert-tls
+# feature.  If you do not use --ns-cert-type in your configs, it is safe,
+# and recommended, to leave this defined to "no".
+# When set to "yes", server-signed certs get the nsCertType=server attribute
+# and also get any NS_COMMENT defined below in the nsComment field.
+#
+#set_var EASYRSA_NS_SUPPORT	"no"
+
+# When NS_SUPPORT is set to "yes", this field is added as the nsComment field.
+# Set this blank to omit it. With NS_SUPPORT set to "no" this field is ignored.
+#
+#set_var EASYRSA_NS_COMMENT	"Easy-RSA Generated Certificate"
+
+# !!
+# NOTE: ADVANCED OPTIONS BELOW THIS POINT
+# PLAY WITH THEM AT YOUR OWN RISK
+# !!
+
+# Broken shell command aliases: If you have a largely broken shell that is
+# missing any of these POSIX-required commands used by Easy-RSA, you will need
+# to define an alias to the proper path for the command.  The symptom will be
+# some form of a "command not found" error from your shell. This means your
+# shell is BROKEN, but you can hack around it here if you really need. These
+# shown values are not defaults: it is up to you to know what you are doing if
+# you touch these.
+#
+#alias awk="/alt/bin/awk"
+#alias cat="/alt/bin/cat"
+
+# X509 extensions directory:
+# If you want to customize the X509 extensions used, set the directory to look
+# for extensions here. Each cert type you sign must have a matching filename,
+# and an optional file named "COMMON" is included first when present. Note that
+# when undefined here, default behaviour is to look in $EASYRSA_PKI first, then
+# fallback to $EASYRSA for the "x509-types" dir.  You may override this
+# detection with an explicit dir here.
+#
+#set_var EASYRSA_EXT_DIR	"$EASYRSA/x509-types"
+
+# Non-functional
+# If you want to generate KDC certificates, you need to set the realm here.
+#
+#set_var EASYRSA_KDC_REALM      "CHANGEME.EXAMPLE.COM"
+
+# OpenSSL config file:
+# If you need to use a specific openssl config file, you can reference it here.
+# Normally this file is auto-detected from a file named openssl-easyrsa.cnf
+# from the EASYRSA_PKI or EASYRSA dir, in that order. NOTE that this file is
+# Easy-RSA specific and you cannot just use a standard config file, so this is
+# an advanced feature.
+#
+#set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
+
+# Cryptographic digest to use.
+# Do not change this default unless you understand the security implications.
+# Valid choices include: md5, sha1, sha256, sha224, sha384, sha512
+#
+#set_var EASYRSA_DIGEST		"sha256"
+
+# Batch mode. Leave this disabled unless you intend to call Easy-RSA explicitly
+# in batch mode without any user input, confirmation on dangerous operations,
+# or most output. Setting this to any non-blank string enables batch mode.
+#
+#set_var EASYRSA_BATCH		""

etc/openvpn/easy-rsa/x509-types/COMMON

@@ -0,0 +1,12 @@
+# X509 extensions added to every signed cert
+
+# This file is included for every cert signed, and by default does nothing.
+# It could be used to add values every cert should have, such as a CDP as
+# demonstrated in the following example:
+
+#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl
+
+# The authority information access extension gives details about how to access
+# certain information relating to the CA.
+
+#authorityInfoAccess = caIssuers;URI:http://example.net/pki/my_ca.crt

etc/openvpn/easy-rsa/x509-types/ca

@@ -0,0 +1,12 @@
+# X509 extensions for a ca
+
+# Note that basicConstraints will be overridden by Easy-RSA when defining a
+# CA_PATH_LEN for CA path length limits. You could also do this here
+# manually as in the following example in place of the existing line:
+#
+# basicConstraints = CA:TRUE, pathlen:1
+
+basicConstraints = CA:TRUE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign

etc/openvpn/easy-rsa/x509-types/client

@@ -0,0 +1,7 @@
+# X509 extensions for a client
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = clientAuth
+keyUsage = digitalSignature

etc/openvpn/easy-rsa/x509-types/code-signing

@@ -0,0 +1,7 @@
+# X509 extensions for a client
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = codeSigning
+keyUsage = digitalSignature

etc/openvpn/easy-rsa/x509-types/email

@@ -0,0 +1,7 @@
+# X509 extensions for email
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = emailProtection
+keyUsage = digitalSignature,keyEncipherment,nonRepudiation

etc/openvpn/easy-rsa/x509-types/kdc

@@ -0,0 +1,21 @@
+# X509 extensions for a KDC server certificate
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = 1.3.6.1.5.2.3.5
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+issuerAltName = issuer:copy
+subjectAltName = otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
+
+[kdc_princ_name]
+realm = EXP:0,GeneralString:${ENV::EASYRSA_KDC_REALM}
+principal_name = EXP:1,SEQUENCE:kdc_principal_seq
+
+[kdc_principal_seq]
+name_type = EXP:0,INTEGER:1
+name_string = EXP:1,SEQUENCE:kdc_principals
+
+[kdc_principals]
+princ1 = GeneralString:krbtgt
+princ2 = GeneralString:${ENV::EASYRSA_KDC_REALM}

etc/openvpn/easy-rsa/x509-types/server

@@ -0,0 +1,7 @@
+# X509 extensions for a server
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = serverAuth
+keyUsage = digitalSignature,keyEncipherment

etc/openvpn/easy-rsa/x509-types/serverClient

@@ -0,0 +1,7 @@
+# X509 extensions for a client/server
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = serverAuth,clientAuth
+keyUsage = digitalSignature,keyEncipherment

etc/openvpn/server/backup-old/ca.crt

@@ -0,0 +1,27 @@
+
+-----BEGIN CERTIFICATE-----
+MIIEVjCCAj6gAwIBAgIQY5WTY8JOcIJxWRi/w9ftVjANBgkqhkiG9w0BAQsFADBP
+MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
+Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
+Fw0yNzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
+bmNyeXB0MQswCQYDVQQDEwJFODB2MBAGByqGSM49AgEGBSuBBAAiA2IABNFl8l7c
+S7QMApzSsvru6WyrOq44ofTUOTIzxULUzDMMNMchIJBwXOhiLxxxs0LXeb5GDcHb
+R6EToMffgSZjO9SNHfY9gjMy9vQr5/WWOrQTZxh7az6NSNnq3u2ubT6HTKOB+DCB
+9TAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFI8NE6L2Ln7RUGwzGDhdWY4j
+cpHKMB8GA1UdIwQYMBaAFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEB
+BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzATBgNVHSAE
+DDAKMAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDEuYy5sZW5j
+ci5vcmcvMA0GCSqGSIb3DQEBCwUAA4ICAQBnE0hGINKsCYWi0Xx1ygxD5qihEjZ0
+RI3tTZz1wuATH3ZwYPIp97kWEayanD1j0cDhIYzy4CkDo2jB8D5t0a6zZWzlr98d
+AQFNh8uKJkIHdLShy+nUyeZxc5bNeMp1Lu0gSzE4McqfmNMvIpeiwWSYO9w82Ob8
+otvXcO2JUYi3svHIWRm3+707DUbL51XMcY2iZdlCq4Wa9nbuk3WTU4gr6LY8MzVA
+aDQG2+4U3eJ6qUF10bBnR1uuVyDYs9RhrwucRVnfuDj29CMLTsplM5f5wSV5hUpm
+Uwp/vV7M4w4aGunt74koX71n4EdagCsL/Yk5+mAQU0+tue0JOfAV/R6t1k+Xk9s2
+HMQFeoxppfzAVC04FdG9M+AC2JWxmFSt6BCuh3CEey3fE52Qrj9YM75rtvIjsm/1
+Hl+u//Wqxnu1ZQ4jpa+VpuZiGOlWrqSP9eogdOhCGisnyewWJwRQOqK16wiGyZeR
+xs/Bekw65vwSIaVkBruPiTfMOo0Zh4gVa8/qJgMbJbyrwwG97z/PRgmLKCDl8z3d
+tA0Z7qq7fta0Gl24uyuB05dqI5J1LvAzKuWdIjT1tP8qCoxSE/xpix8hX2dt3h+/
+jujUgFPFZ0EVZ0xSyBNRF3MboGZnYXFUxpNjTWPKpagDHJQmqrAcDmWJnMsFY3jS
+u1igv3OefnWjSQ==
+-----END CERTIFICATE-----

etc/openvpn/server/backup-old/ca.srl

@@ -0,0 +1 @@
+469A1D60BE8EC6EE44EE81E5AB9A24B61EE78435

etc/openvpn/server/backup-old/server.crt

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAxOgAwIBAgISBaCPzr8fq0guKTRH/42qANiyMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+ODAeFw0yNTEwMDUxODE2MDJaFw0yNjAxMDMxODE2MDFaMBsxGTAXBgNVBAMTEHZw
+bi5jdXRlbWVsaS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGjXe/B1Wn
+r9hwoS4V/SxMjZ/Qx+rc4/WlexgH+66Zdegjz8zXmtaT93MtGzgNwffrk2mBM2hA
+mgxXy882Rf/bo4ICHjCCAhowDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSTABfK7Ti6
+PkMxWyGqVs7R9P/TBzAfBgNVHSMEGDAWgBSPDROi9i5+0VBsMxg4XVmOI3KRyjAy
+BggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lOC5pLmxlbmNyLm9y
+Zy8wGwYDVR0RBBQwEoIQdnBuLmN1dGVtZWxpLmNvbTATBgNVHSAEDDAKMAgGBmeB
+DAECATAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vZTguYy5sZW5jci5vcmcvNTEu
+Y3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAyzj3FYl8hKFEX1vB3fvJbvKa
+Wc1HCmkFhbDLFMMUWOcAAAGZtcwKrAAABAMARzBFAiEA7yYWyd69ruhzbs8ZCw7+
+b4QIlienyATFcwff4xORX6UCID4QAzDQpuwI23OMhGo1+86KuosHgwy+G9XIjj1r
+UddAAHYAlpdkv1VYl633Q4doNwhCd+nwOtX2pPM2bkakPw/KqcYAAAGZtcwKzAAA
+BAMARzBFAiEA/5t3AApTDxXCp/bJxn2Wr06vZM8LO0LwwZU4kiCUndcCIGQ65r6G
+KvmXqhfg02PEwcFojo03NDrbw/7IgZaitpzTMAoGCCqGSM49BAMDA2cAMGQCME2k
+UBz+sr0WJnAPZHzx7pxIg99SQVagGQQDPnUhciQeDiAf++dpm2slhzhdPj9vuwIw
+aP8e5wJ6uz2an96g6o+h0h4hrcrJtYmzORZSGuCxGpywFa190l6Ck1I7WX5Z6CWX
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIEVjCCAj6gAwIBAgIQY5WTY8JOcIJxWRi/w9ftVjANBgkqhkiG9w0BAQsFADBP
+MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
+Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
+Fw0yNzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
+bmNyeXB0MQswCQYDVQQDEwJFODB2MBAGByqGSM49AgEGBSuBBAAiA2IABNFl8l7c
+S7QMApzSsvru6WyrOq44ofTUOTIzxULUzDMMNMchIJBwXOhiLxxxs0LXeb5GDcHb
+R6EToMffgSZjO9SNHfY9gjMy9vQr5/WWOrQTZxh7az6NSNnq3u2ubT6HTKOB+DCB
+9TAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFI8NE6L2Ln7RUGwzGDhdWY4j
+cpHKMB8GA1UdIwQYMBaAFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEB
+BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzATBgNVHSAE
+DDAKMAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDEuYy5sZW5j
+ci5vcmcvMA0GCSqGSIb3DQEBCwUAA4ICAQBnE0hGINKsCYWi0Xx1ygxD5qihEjZ0
+RI3tTZz1wuATH3ZwYPIp97kWEayanD1j0cDhIYzy4CkDo2jB8D5t0a6zZWzlr98d
+AQFNh8uKJkIHdLShy+nUyeZxc5bNeMp1Lu0gSzE4McqfmNMvIpeiwWSYO9w82Ob8
+otvXcO2JUYi3svHIWRm3+707DUbL51XMcY2iZdlCq4Wa9nbuk3WTU4gr6LY8MzVA
+aDQG2+4U3eJ6qUF10bBnR1uuVyDYs9RhrwucRVnfuDj29CMLTsplM5f5wSV5hUpm
+Uwp/vV7M4w4aGunt74koX71n4EdagCsL/Yk5+mAQU0+tue0JOfAV/R6t1k+Xk9s2
+HMQFeoxppfzAVC04FdG9M+AC2JWxmFSt6BCuh3CEey3fE52Qrj9YM75rtvIjsm/1
+Hl+u//Wqxnu1ZQ4jpa+VpuZiGOlWrqSP9eogdOhCGisnyewWJwRQOqK16wiGyZeR
+xs/Bekw65vwSIaVkBruPiTfMOo0Zh4gVa8/qJgMbJbyrwwG97z/PRgmLKCDl8z3d
+tA0Z7qq7fta0Gl24uyuB05dqI5J1LvAzKuWdIjT1tP8qCoxSE/xpix8hX2dt3h+/
+jujUgFPFZ0EVZ0xSyBNRF3MboGZnYXFUxpNjTWPKpagDHJQmqrAcDmWJnMsFY3jS
+u1igv3OefnWjSQ==
+-----END CERTIFICATE-----

etc/openvpn/server/backup-old/server.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPPZ7Syd1F/ed42DRSegOQ8rLr/66oUHQdJ4FkfG8rlJoAoGCCqGSM49
+AwEHoUQDQgAExo13vwdVp6/YcKEuFf0sTI2f0Mfq3OP1pXsYB/uumXXoI8/M15rW
+k/dzLRs4DcH365NpgTNoQJoMV8vPNkX/2w==
+-----END EC PRIVATE KEY-----

etc/openvpn/server/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUd4INqGTrRX8tpNjILVfLp/FW9JowDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjUxMDA2MTcyNjM1WhcNMzUx
+MDA0MTcyNjM1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL0DDWBsUoqQdvX8UytBHfSZYUmPL/dvyYQt/STT
+7cZKsl0OqV2EzqhGJYPmPHcKiBoeEoqaBsHnLa/c6PbGWrvztFXHotYOMW0Jigv2
+KKotB2GT9k7mhrOcUMuu6J6SossJtlekebQkIBXj7N31m+Zs/k5kayeaScg8cCYW
+o7SwP2afUZ7vSsxisAgEnKsq0fousPguGdT5Ooh0TAUEKl/PR69pGMaXD1MQl5wv
+dcJV3X2GhcXpJbAGuhBjcZB/LCFjtlQ+9IDvhcN4rhWNa0LsMoL3sPh/dsdt0G2c
+bxc4+OuLQ42eWcAV0RsTMGofTULcRuXcA3XvTRllgCWplbUCAwEAAaOBkDCBjTAM
+BgNVHRMEBTADAQH/MB0GA1UdDgQWBBTdFqHUghgUs4N1F02DZ5P7TfJYtzBRBgNV
+HSMESjBIgBTdFqHUghgUs4N1F02DZ5P7TfJYt6EapBgwFjEUMBIGA1UEAwwLRWFz
+eS1SU0EgQ0GCFHeCDahk60V/LaTYyC1Xy6fxVvSaMAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAP0X9x4SQFXaR7FEYwjAQ+uX1EtWQP+GhA3MKQI7scQL6
+TxMc/103x7Ty3Sb0tbG9iOMb5v9rXqiLFyzxqZAh4yiLnsJDwe/OlozfkVcGhXcl
+L67q56je+D/PptD6UoWBYvLPPdu8DNaa/0aVsyE0hXIrjnNYNz8Kb9YXLmbxp051
+/5GxpMdonyEOIxQv40lITDH0Ynlx0QiPF0bqDYT5nsMGx8gRTStKL+WMQGi0CHGe
+PoyOFdR0JdJcR6vvr8b+32fHeIZrpwTrqUoUJuR0HtFrhhIF7es9bmw3px1mMd1M
+OJ+fp9iYT1JcKtB6WeV+TOTkfsFzdg+EIqG4os+ZzA==
+-----END CERTIFICATE-----

etc/openvpn/server/ca.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCwdy1UeFU3qm/A
+TaCZCLi2eMw/BBT0VdaRlxMSkUgMf4OpviCGBvymlQoFWJTheQzwu4NshHaDKaUa
+3cbYFuNXtonSgMOnSQZ6w05nG/4RKvgRAMtknGRlwGcSKdJAX47nIwzxMuNw08CM
+t07J4pEvGoqZZbUYVjTdvURZSp8alKAIyE7EGCt3Ygrmd3I4tVfb36OabXLo2NTs
+uY2fD8ZoVSHdlpyBl8IIKnkCcDRhfY13xdDr+WhoMWObQRYfMj3aZz0l3suJfpIN
+wd0zaiSPfC04FYjbnFR4mDBm587+1Z9AHCXqyErCaIpuCMHDSAE1uu40brKjNbed
+kSl3CVMFVIYQqSVRQ4SulNVWx6JqpwvihGxWrrDpXPhv35c2wHKrvBX1d2UCnt6o
+UqBox3tjPJMDhRcYv8W0L10IzXay/JQUtF4zlF2kCrc8zAi69hMrGj5ZkaqtNUSm
+WgsIPkaJeOU+UzdOzkumoz5fyVbYGlwC8epfAc4CB+fqBfpVBk4tZe6Xak7BG5vH
+KFqApdC1IzaysuSYOh1w2GRipl/btSZzT9z19+4CLuGOleQCK/0puuGNmRgYIgCW
+L7rN1tK05wY5Zt/fQieL6K120uZcoJhU1Fe8eKG/Mcc/h8M5q4TdYxnFIyWzYz24
+rexgvm81EP9kydrS4uvGzLhcyfKqAwIDAQABAoICABHsCK6LihwdMzxUpfrk592g
+Zx3/TCGElkYzEbzRBIBAcx7KMINsMjy45kuks3oy0R2h7bcXvPGVSS9xVsCbkntW
+DqlSaoyS3hWZwFy4exVDR+5yJjYRrCCpac5ucOwYyGqxJJ9ai77pwqSH+XiHijc+
+etUZf0r5dmUO0+I9sesBLT+3GEjSK5f0XScK+o7H3CR4kiUc+I6tdvKT5c5By+TM
+wKPAqCSBRTOPHLsiqi88kSGY9Z8BtZjfaz5ZXeXNNHr6ATvXZNSSBkNfbRfLr+ri
+sbUAeuXS+sFEs6W/5UX8bDAWq8MslGsqMuT5/rPWnEjYs1if5YSt7/gQxiVQzR2R
++LsPMhY1NbpvwdPJz4mzWgfuDtAfZK6+O1hX6BL+JK3xkCOLK+oOBAXfprlG7rhc
+LHn+OtHTL2sUHod19wdCnAjQ2pGxHj6snXuNAJqpRsJHCf7FoJ13FjDU4NMq0fMu
+Iw7Q9hiFuPPoCvWVMCdCBMY4yrKrBh3Bt+66+vX8dy6EgypYo9RV5pDwzDaAXIw3
+z9iM50J+0tuxK62BBxY7kRZvGXFrDgR5EedEO7031+T4F9Tx09TKO0mUDcbCeP0C
+TiVBGE/agCNqaBRz6VquSa8M6fVKEPp121VeTc2APKacNadUjD008K5LtvvZlFWA
+fG+kJZPhLC00kzjSfsABAoIBAQDwPNXR0RXvLmCuS5SjdTeUl7EtiE51G6KIVnUg
+KGTP+jDgvlwC/ANUTbCHjz7dkpkdxoPzKfkQUJbju85kgdwIR0WAPId6xxoLqSj6
+d9wYu7u8um/eCj5KUo6ldb0t0SHD3eA94N04Ajrcnm27fpeTOWRY62UDpDZ3omb/
+daG3pGzaqVv+JKHvdDqMtV/chXKdfkcZKwNum7QvBcXlprghJL6los55XqYadqzF
+BukkZ/LDYuAVBRt1qf8ALGMTyI70yfmGT4FQ8w2073MIiLchKgws+6PPzSWCNBHh
+mlzk3gfpf7fT+yM9Ik6hSHai9zXgWsoarwTapVpH5C2UCFkxAoIBAQC8CzCwq2iW
+Vu7rmtpPICQxFF/MK3yaA4CQjWs89I4CBY2xkd1T0MvVGgyTMqqehlrunOBjllo5
+QX0ozHmfKxmpGK16J7prb8cd+Ncbj1hUq+npWdfeuikVRD/lIoWxfhjvQBme/rG/
+dflGqx0gFe1eDpw6zokoSXUbvrmuwtEs7QWh+ZVuFLMbHqu1mcU5ysapkGgIgF+j
+TQZaUR/02rS09LSoYr/vz/5EyaNtDkXQnfPj7PIRRmy/aYVdbWLAlnnRzmuZRd5z
+DTBCEcBAmp+qVwBmZduU5agxMr8f4kEouQg2DZuvpPUGzcBXg5+fxPSLB60flfUo
+Rd7zlOZgFelzAoIBAAvRclNYDdQuW+M3JKDF624L6FNtGS75pQ0/85MZaZwxmqXz
+t2MOMru69qw0h8suowmr8mHL9syuqj2Zx5V6LfDaULj2QVPw538bW0C3FMTCt4GZ
+SleJ+XZ+iTXqjNvsJdUU3SsuHLPcqDiiMpO+roY3lJArRFThhyxreNWoW8RE+nXn
+Tvc5ph25ggfaBFU8216UD7tVOl3+muaVSh76DKTUwew0DiQ6W8GBhQ5MQLvhwTeL
+baqbDbbEHh9MD7OxchbouLW6w4nP6ySzgt0wnJGtF9w+pNhcJzQ4i4ilp1w67/i0
+p75t5FXlkiis/+kUcDoRPVACvCJlcAOJXhSiNIECggEAQrghtX2L5VPA/914ufxo
+evWEq/d+BVNayW8z7nPC8xqvVKKxieyadekBLzUZ7pczKliFETCmoIwI8XHjcUMk
+nqe/3Yi9DyOg3ZSOFhw9NgWtP/t9qWwZ6Y7GsPEXyIs6I6F1tcEephUgth8+fUTq
+bKX4brEbXyz5HTgFv+kluK/8gKUCjQVRKz0tpYiCvuegp0cyclnCFTneGCuSkBkN
+ZuswMlKfUWJWEGgO0UHwKX3xrBxFIzX+nce95xFJqZV6caOw77gnnmC+j6KmuQVj
+w1eNL8fSKjl1/MbJo3Futxk3vZ4EcESyH5DfPu3XtCN4tN+rYHqfeoOYAIsDVnJP
+2wKCAQAa+Qtx0kN8bZuc6uIu/N93D1DH8Nf4acYBHnK4x+3CDyacYbaxRMwgWT7I
+ZYIArhEFGYRDQADqAcXwdhSUVvHmdEx+/H/m9BPQjmknXdu+wv1f7+H+MR/CF+Kr
+KDfy5CZECtVZqqcIe6TowLxr6/AjuIUTuGxRmFQom1d6c+XUkEN7aZSvA0+hPpFp
+pDZhWINY2yFXJp9PM05bUYQ6np1irLK/ml6YoLuX0b5R8qRyBLqbt0MdZq9eXng8
+XEIMd8I+bgsmdD6vH4yPcgpMT+mukm+Szt6oZJP3sAVYZKe7LZxXDymFwepe15vP
+BhqbyO9FaDlBLp6TBkdXWjVJegfd
+-----END PRIVATE KEY-----

etc/openvpn/server/ca.srl

@@ -0,0 +1 @@
+7996B8D142923ACFC89F3B8510B2D4AD9B17F983

etc/openvpn/server/clients/arch.csr

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVDCCATwCAQAwDzENMAsGA1UEAwwEYXJjaDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAOj+4UR6NJF+6NhsFfZ5r9eN3ny9+hiiv/UEgJVvEQOhpRV6
+x2E8LYiMYfdMCuVjgXwvG4lE9lHI0w+Mmjm+dhMtjwJdTD14SL2g7xuG9nD27Hby
+CvdPqwnagPjwzMs518aIsh0lNgVVwdzQF6J/lP3KcFZ9jF6qwz3OHUXbrDRK7LY0
+YOQ63ntWUZ8HOHmnmfoKwhe2iMoMs5YRUEkSqagQY0pawg8IF7ks4Pu8MajRs/Ks
+2tRgulBfRevPD6j4DEemkV+q4chfeJNMDeJoVGzOM3IBW16kUhOCKX8Z2w2Cvu/v
+h73PbPNLNq2y37tNnLtKAVCp/CyANFJ0pZ0XOjkCAwEAAaAAMA0GCSqGSIb3DQEB
+CwUAA4IBAQCt7w0W3cmL0IOTWtXAmn+wkuGWY1x3m57PhbkiKSHh4Tb1H69TrLwn
+QnR3Phd0HEaR3HwSuBfodcGI38PnyrB0KGiQ87W5qZWvfMNWZxan/cmXpDzFwQ3A
+UOBrzmJf8+jz9zOQNAChi+vuJf/46bWnP1P2Rq6AKMzFcm86CtjQWP8KrOIwovO8
+bvPHwrc/qKv3Z0TmF/gs4KRK4nLHgGd4VA3p2FVa2Aqb2AxQwvEaYITn3kMhT2Lp
+4/BmWCnN9QmwXd4KHMTslOkm0l8HalnFQB+rkvDYRDf6frgDkY5dt8kSNGxz5fEp
+Pk2Yt5TVyp7O3bXqFjyqVyTSd3owTZ1c
+-----END CERTIFICATE REQUEST-----

etc/openvpn/server/clients/arch.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDo/uFEejSRfujY
+bBX2ea/Xjd58vfoYor/1BICVbxEDoaUVesdhPC2IjGH3TArlY4F8LxuJRPZRyNMP
+jJo5vnYTLY8CXUw9eEi9oO8bhvZw9ux28gr3T6sJ2oD48MzLOdfGiLIdJTYFVcHc
+0Beif5T9ynBWfYxeqsM9zh1F26w0Suy2NGDkOt57VlGfBzh5p5n6CsIXtojKDLOW
+EVBJEqmoEGNKWsIPCBe5LOD7vDGo0bPyrNrUYLpQX0Xrzw+o+AxHppFfquHIX3iT
+TA3iaFRszjNyAVtepFITgil/GdsNgr7v74e9z2zzSzatst+7TZy7SgFQqfwsgDRS
+dKWdFzo5AgMBAAECggEAJ/u5T6WDCObU8XLW8AWg4eZEJHb7iKfBNjxQDpTRQCTI
+rh90QKDxlWm11BjWE9hYG6X/3TYa6R0D7zqrKrafD5p1XKwDDddq8DPCZKBsASW2
+nZDaxecDjHzVPiMgmc1y1GyX2D2PACpfytNhAu9O86B+V7FS2doHCD+rMVZJvm07
+R1+s9nEPCt7ogZ5g2YFRHDN6UyaBW8QsbtfpIvNZTt3L7RNvWLemV4Uuk+0AVL29
+PoJ5KOgi9bEs2M+kylk9wKYpDkqN79EU7AUh0TBpgsKeroLFrze8j7gPy7encc09
+iZ6Faf6dWtcyAf269PXEtOgGC6kabwzWtGGrGBT2EwKBgQD7YJFbunCH8CjVw+os
+zyg/2PlyBEGWpfu27WCz9en0OXhMz681dywsTs7d4BwS/JVExi9j0pLW+YUmfFej
+PGrNgXW404WzHCQv6xCttc9E1xtfFrSuHUbmqTcYaX462XoX5O8ASO5k/H/b8h3k
+kBSBAFs3zEfM9+3mVBvZZZTwxwKBgQDtR8Z/3NFq6Azj+LrzYYREI9qi6ASoVpZZ
+RLJ6Rmx0sK7a7HPLO4XC/DT4CAw8ixG+R5hvSxIH8gts/9mhcDooxs6wUMoGLlS9
+B2DnUe9N0FrabmjozXiDHLQ36T6jAQqRd5ntABVSACMkWTsGPRBZGCP5IeLe7e7O
+ZH9BeQ18/wKBgHMQ1hjF8+LV1Otc3aGbRdJMEIrXVeqOmfU3HY/i3i+z6tRGMO5p
+WagCfwDjKBas1esASQsJhbuvxfpC6p7G9iCRxQBQmp/NHudsU1sgoPri+B2DuDsH
+HcBR7u1WxLhNemzbl2dq+uzxA9n7LyHDrg8KybZ15Nv3FUfcck8GB7JbAoGBAIoq
+62l1GfTYnvj401P5it1qy1tlI6Eqmm3s1MjizTC92XPdkCfdxywdVHLBrO5sRK66
+XgcgfaVmykR0TzP0d8layuxcfudOf0V7UHAig+iZ1O2wsSIu02f1hPOxvCmK566B
+KH6bN88CCXSXCQm+8RAQQJJHqyYJAq/oUTm81Z/dAoGAb0xfGRw86gLiBsk6Ygyb
+MU+1JKfcWllFZTfaBs6B0jfYyLeS3QrRUIxPRVumarbXAvsblDxCqGfjuiLhoyvi
+wS41hkC2suGdp3wZ/yZQU7jHeuRc+Xv2AzzK+M8DkfhP6BjO7c0jiAKOXzKTRPf/
+rT6C5zF2vSThx0tQE1iB5VI=
+-----END PRIVATE KEY-----

etc/openvpn/server/clients/emy-laptop.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAesCFHmWuNFCkjrPyJ87hRCy1K2bF/mDMA0GCSqGSIb3DQEBCwUAMGcx
+CzAJBgNVBAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcxEjAQBgNV
+BAcMCUthcmxzcnVoZTERMA8GA1UECgwIY3V0ZW1lbGkxFDASBgNVBAMMC2N1dGVt
+ZWxpLUNBMB4XDTI1MTAwNTE5NDUyMVoXDTI2MTAwNTE5NDUyMVowFTETMBEGA1UE
+AwwKZW15LWxhcHRvcDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0+
+NLS9tmwHuh7rRNhiSYnFtNT7x2paUmLHU4oFFb2goJw4NkdzBgKUGI60Tkal84zJ
+ZVEcoEXB8PU2doDaiTBprjjEMqY4K3P3+mop6zDIB7U3ssYw/Nz2C3mSuQ81zrbT
+l2o8fghoJvzOnnzehyIWG/LuoXzDZC/j4djePRq2qywjedPGPoU/YhsW/pyWTz76
+eANxBvkix2M7WWEAp4YYW4vrDQymWXev39MI7xMChBgHpe0jiW6bJsxt6pw6kXdp
+1vR+5ARLHvMl6Rs9gatS3CHcEkPX4LRdRPboi8xiJ7D0fbkOSH5d+hERKCPId68s
+SaWtUz8bpq/s0Iz4fPUCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAomnv8eskjl/P
+ZGy97nMxyeqoASspP4/nhSnLpPhXmpnnWBDM2YQzzAU//ABoOfPE4WnmJCeH2ZGQ
+TZ9nn5M1VpkR8fJtC6j7lnRb4pKNGqpcfipZhKDGwYIMiRncscUejA3S1xhskerV
+K9MyMp+4KTT+tgawTeOeFimymk2CcUS/000szXLgsdA01RMJ3oZMzLJMEeIbY6CI
+r6ULNgWgqyz36KDBOJxzHMzTYZUGTQblkSCJq3pFcK9Y5g7dpHbJ4VqyPbV8AJA7
+FW8C6aOuiCQoQhPrTZZP2+bhlsNtEAIhceatSPjdYZNUPiM44Qkw69fOm5IjglHT
+gSV1bt8Ng8T7Fuds5bWFW6huza/Y1VcbCDdsLxCbu4A4FeTIB77vqBOo1/O3hRh1
+zhhQ+o6cEL+srJkao3U114XlHsrj5IfvH+epst3JeifH2FRvxJVu8qxy2tr4yFRO
+8jvFSP69bwbIL2MMcKF/K0shD/tUmhesdLhHvKsoDi6qHu+YbFfdzJNsplzf2wTA
+Itm83Dq0yAukmDslfTCUcq8XoSGRq4okqjHZBcvzXgBe9eA0D8blMqNd0oV+81hu
+pJm7QOUYycZG0PRR+tp7lPASjVkEFpBEHTstnkobRwrHshGVVMj8TPpe61bt8gXJ
+Q6TBXSSLcCP1zdIFu12jGK14hbHx+ew=
+-----END CERTIFICATE-----

etc/openvpn/server/clients/emy-laptop.csr

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICWjCCAUICAQAwFTETMBEGA1UEAwwKZW15LWxhcHRvcDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAK0+NLS9tmwHuh7rRNhiSYnFtNT7x2paUmLHU4oF
+Fb2goJw4NkdzBgKUGI60Tkal84zJZVEcoEXB8PU2doDaiTBprjjEMqY4K3P3+mop
+6zDIB7U3ssYw/Nz2C3mSuQ81zrbTl2o8fghoJvzOnnzehyIWG/LuoXzDZC/j4dje
+PRq2qywjedPGPoU/YhsW/pyWTz76eANxBvkix2M7WWEAp4YYW4vrDQymWXev39MI
+7xMChBgHpe0jiW6bJsxt6pw6kXdp1vR+5ARLHvMl6Rs9gatS3CHcEkPX4LRdRPbo
+i8xiJ7D0fbkOSH5d+hERKCPId68sSaWtUz8bpq/s0Iz4fPUCAwEAAaAAMA0GCSqG
+SIb3DQEBCwUAA4IBAQApu9ntmZSxGTAPQhANLYe5LbW0jtxLuiySHPN3TrR3Xi6q
+wLyL3fUEfJHR3QK8SQ+2f54tNfWrRQl39UwWBma6J/hftK3ROWFDwiUvKazKg62N
+xLvF4HfcEM0aE/HMKVnNgtfErmwXLr9LfNcyfhzMW0Gl4lpofQzYj0KP2SCfvMVt
+DYK6jIfO/AuBg8DsK3s2HCD+UU8xFgVvq2RWuS2K148S2MWGEBiOHjLouQc4ohGv
+TfaiXaTTGwEJsDHaaOCfLyvNN9D2fK/uIL2x6q3rpi+qXwOAKVFwrEKd5ne7LSBI
+QpjTWj68ViQ9Ntxz7yyl+b9VGlP6kaCdGAYJBRpk
+-----END CERTIFICATE REQUEST-----

etc/openvpn/server/clients/emy-laptop.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCtPjS0vbZsB7oe
+60TYYkmJxbTU+8dqWlJix1OKBRW9oKCcODZHcwYClBiOtE5GpfOMyWVRHKBFwfD1
+NnaA2okwaa44xDKmOCtz9/pqKeswyAe1N7LGMPzc9gt5krkPNc6205dqPH4IaCb8
+zp583ociFhvy7qF8w2Qv4+HY3j0atqssI3nTxj6FP2IbFv6clk8++ngDcQb5Isdj
+O1lhAKeGGFuL6w0Mpll3r9/TCO8TAoQYB6XtI4lumybMbeqcOpF3adb0fuQESx7z
+JekbPYGrUtwh3BJD1+C0XUT26IvMYiew9H25Dkh+XfoRESgjyHevLEmlrVM/G6av
+7NCM+Hz1AgMBAAECggEAGLHrVXBNlqyrTUkAMVAhZ3A1TL7vOCvT3pzHPb9nz/Yb
+rukcY6bzzl5J+d2d4tg5FXKH7L4F4qu4q1uuHMQKFkqaOSFOjv8mwoswuP1stzFs
+V9qusy28fcrc6+GMW6yx4MHcrZod5RjjpdnWIbqezK8WINT/VAeOOn1jbkSPtUTk
+lMODzlmcoDkwn0RuGO/l2R0f6c+njFLdHNpz81hf8i2qBIP4F453eBJNAvQOCrz9
+LkjfcsgcOLdUmrPme7P//f8LZJFkBQSwSLNM+Wf8SRUZKZcFmSLR6jpDLQoongfJ
+A5R+nenJ3MvEQHerTSse6+J2e7rix5cmm30Ngud5aQKBgQDeWIw+F2QsDy2QL50V
+67YpHM80g+VL3HSy0j38DYRiL3NsRCGFfSuxuKm009AH34dqtofAWo+hJQS7Nnkk
+aahyC88gp18zpaynsaD2oNVpnc2Mm/lf3Q+egNAJymG+zVlQX86UDxFSyo4qBsiG
+za3gumF/r1lRgIjJ4wOnLxLuQwKBgQDHdwU2wJB3XTFPd+pxjzmENUUMnIzYNvnI
+gMdpxc1nTZynUJyEVwNsblsIfU1flrTsBWxyp0B2+vPwN0q7k3R7HH2Sae4uy+Id
+qhndW75eEOF88EJpLQ9QQgQDPGJBICBhD/820e5HIOLpTKf/2qsqhZttHXojU94p
+Ls3XNqDgZwKBgHlaSMjGyYSGkC6m3gyNxrEvqSOXbTl3TDYhK3V7ByrzjQKlOMp7
+o7JvACjShjMV2/nxP6xLgSLJaoinVXz7MdV0/opq7znoDZDFEP4qj/ACEaLRqkyZ
+AaJX2bPOQoT53OpSMBR9GM5gATGM3Ds+3MzPzND8qjoidgYCIgdIWQOzAoGBAKpf
+JRrxO/RYq4e/W4cH2Q7uGT5+cWc0/gGezbWw+JNmHYpkNmxrjkcNs7/6lx4wsfRv
+ZYRBC7UVAUuLTtANUQ7e9PscdA+QomDILDOA64eZT6DR70e67zuUR60j5KDP+hgt
++8YtZiNnGapAibbmZhF58Zov9WU7e6Udj0BmLt+9AoGACO6ND2F5T7JXoY+0t3Rf
+tTYQO/R2M7jj4+HhoBbk0bLQ4eYNzw6net/zMpTq7GPQqmtWmO7geVwOxswhNPq+
+1ynnqYCSo1eYjUkRSVQ5YJFlAM6wtwdYq/lEbZh0cn7RVfSNUb4lrRFtNCa7XZmE
+PTVb/YZQ53URA/bNcxo0eM4=
+-----END PRIVATE KEY-----

etc/openvpn/server/clients/emy-laptop.ovpn

@@ -0,0 +1,178 @@
+client
+dev tun
+proto udp
+remote vpn.cutemeli.com 443
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+
+# Server-Zertifikat prüfen (CN = "server" aus easy-rsa)
+remote-cert-tls server
+verify-x509-name server name
+
+cipher AES-256-GCM
+auth SHA256
+verb 3
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUd4INqGTrRX8tpNjILVfLp/FW9JowDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjUxMDA2MTcyNjM1WhcNMzUx
+MDA0MTcyNjM1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL0DDWBsUoqQdvX8UytBHfSZYUmPL/dvyYQt/STT
+7cZKsl0OqV2EzqhGJYPmPHcKiBoeEoqaBsHnLa/c6PbGWrvztFXHotYOMW0Jigv2
+KKotB2GT9k7mhrOcUMuu6J6SossJtlekebQkIBXj7N31m+Zs/k5kayeaScg8cCYW
+o7SwP2afUZ7vSsxisAgEnKsq0fousPguGdT5Ooh0TAUEKl/PR69pGMaXD1MQl5wv
+dcJV3X2GhcXpJbAGuhBjcZB/LCFjtlQ+9IDvhcN4rhWNa0LsMoL3sPh/dsdt0G2c
+bxc4+OuLQ42eWcAV0RsTMGofTULcRuXcA3XvTRllgCWplbUCAwEAAaOBkDCBjTAM
+BgNVHRMEBTADAQH/MB0GA1UdDgQWBBTdFqHUghgUs4N1F02DZ5P7TfJYtzBRBgNV
+HSMESjBIgBTdFqHUghgUs4N1F02DZ5P7TfJYt6EapBgwFjEUMBIGA1UEAwwLRWFz
+eS1SU0EgQ0GCFHeCDahk60V/LaTYyC1Xy6fxVvSaMAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAP0X9x4SQFXaR7FEYwjAQ+uX1EtWQP+GhA3MKQI7scQL6
+TxMc/103x7Ty3Sb0tbG9iOMb5v9rXqiLFyzxqZAh4yiLnsJDwe/OlozfkVcGhXcl
+L67q56je+D/PptD6UoWBYvLPPdu8DNaa/0aVsyE0hXIrjnNYNz8Kb9YXLmbxp051
+/5GxpMdonyEOIxQv40lITDH0Ynlx0QiPF0bqDYT5nsMGx8gRTStKL+WMQGi0CHGe
+PoyOFdR0JdJcR6vvr8b+32fHeIZrpwTrqUoUJuR0HtFrhhIF7es9bmw3px1mMd1M
+OJ+fp9iYT1JcKtB6WeV+TOTkfsFzdg+EIqG4os+ZzA==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            1a:d4:95:e0:82:c3:d1:97:26:25:51:55:73:00:3d:fe
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Oct  6 17:26:35 2025 GMT
+            Not After : Jan  9 17:26:35 2028 GMT
+        Subject: CN=emy-laptop
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e4:5c:37:61:fa:ac:b0:8a:93:3d:b4:9a:3b:5c:
+                    92:85:da:27:6e:06:d5:c8:3e:fd:a5:68:68:94:7f:
+                    74:c8:b0:b2:8d:f8:d5:b8:17:1f:af:b3:18:23:c3:
+                    09:a0:7c:20:f9:67:67:4c:18:e4:ba:a3:16:b9:8d:
+                    7c:cd:ea:86:0e:42:24:00:db:cb:84:c7:7d:b9:5e:
+                    9c:2c:3d:7e:84:2f:cd:31:72:39:c4:be:ea:53:ce:
+                    62:95:fc:c3:12:ee:e8:28:6c:81:82:17:61:59:c7:
+                    cd:81:58:ad:13:f3:08:d0:99:62:65:e1:34:0e:e0:
+                    00:77:96:45:63:f8:b6:c1:7e:4f:2e:f9:fd:00:4c:
+                    d3:c1:51:0f:d5:44:9c:40:22:64:be:3b:7c:b0:4c:
+                    71:52:05:57:a1:02:f5:b0:95:10:03:c9:be:48:2c:
+                    f6:79:d4:46:1f:33:1a:67:c3:de:02:a0:06:50:74:
+                    20:0b:32:62:ab:28:1b:e9:37:5c:22:b7:81:03:0e:
+                    0d:a6:e9:2d:4a:30:e0:3a:48:6e:93:55:15:30:fd:
+                    fe:9e:03:26:45:ff:05:4c:d0:f9:ad:74:7c:c5:7b:
+                    5e:91:71:a3:96:a2:d3:94:81:80:50:7c:4d:d5:01:
+                    ec:0f:72:15:4c:f9:58:79:70:70:9b:aa:a5:2b:4e:
+                    e3:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                34:04:A6:AE:98:9D:F5:BA:A9:32:EA:B3:70:7E:4D:02:BE:61:A2:5A
+            X509v3 Authority Key Identifier: 
+                keyid:DD:16:A1:D4:82:18:14:B3:83:75:17:4D:83:67:93:FB:4D:F2:58:B7
+                DirName:/CN=Easy-RSA CA
+                serial:77:82:0D:A8:64:EB:45:7F:2D:A4:D8:C8:2D:57:CB:A7:F1:56:F4:9A
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        64:e4:69:7d:d8:2e:8d:20:fd:b2:59:5e:f8:13:41:85:a2:d3:
+        01:2e:84:d7:8c:50:d0:42:fd:c7:e6:3b:5c:b7:fc:77:a6:93:
+        92:54:63:ed:6e:90:24:c4:93:e6:d1:fb:ee:65:7e:4b:98:fb:
+        44:41:0f:7d:a3:5c:cd:44:69:8c:f9:69:0e:4c:77:1e:cb:0b:
+        13:08:22:f4:93:51:89:da:0d:a4:60:e8:6c:3c:a9:7a:a6:6d:
+        92:d1:33:5c:30:bc:43:54:67:85:ae:26:4f:17:d4:40:da:d4:
+        32:96:30:ef:8b:30:7c:04:36:b8:a8:e5:a3:46:97:99:77:c3:
+        77:1e:5c:12:f3:f6:db:b3:49:3a:d7:e9:02:3f:67:58:9a:54:
+        6f:1a:c2:59:52:8c:4a:5f:bd:41:02:d7:ef:99:75:06:64:6b:
+        6a:68:94:f5:3e:04:67:a8:3e:1f:c0:8b:97:e4:cf:72:04:a9:
+        dd:53:24:b9:62:10:90:c3:ab:e1:f4:c5:4e:f5:e5:de:27:85:
+        11:54:8e:11:68:f8:1c:d0:d5:0a:af:a0:64:27:76:0b:51:67:
+        09:4a:d7:21:ee:b4:44:87:34:e6:73:00:e0:64:92:52:ab:6f:
+        1e:8d:de:84:e9:fb:d9:a5:b8:52:48:6f:01:6c:ed:7b:de:8d:
+        b7:9d:9a:56
+-----BEGIN CERTIFICATE-----
+MIIDWDCCAkCgAwIBAgIQGtSV4ILD0ZcmJVFVcwA9/jANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNTEwMDYxNzI2MzVaFw0yODAxMDkx
+NzI2MzVaMBUxEzARBgNVBAMMCmVteS1sYXB0b3AwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDkXDdh+qywipM9tJo7XJKF2iduBtXIPv2laGiUf3TIsLKN
++NW4Fx+vsxgjwwmgfCD5Z2dMGOS6oxa5jXzN6oYOQiQA28uEx325XpwsPX6EL80x
+cjnEvupTzmKV/MMS7ugobIGCF2FZx82BWK0T8wjQmWJl4TQO4AB3lkVj+LbBfk8u
++f0ATNPBUQ/VRJxAImS+O3ywTHFSBVehAvWwlRADyb5ILPZ51EYfMxpnw94CoAZQ
+dCALMmKrKBvpN1wit4EDDg2m6S1KMOA6SG6TVRUw/f6eAyZF/wVM0PmtdHzFe16R
+caOWotOUgYBQfE3VAewPchVM+Vh5cHCbqqUrTuOJAgMBAAGjgaIwgZ8wCQYDVR0T
+BAIwADAdBgNVHQ4EFgQUNASmrpid9bqpMuqzcH5NAr5holowUQYDVR0jBEowSIAU
+3Rah1IIYFLODdRdNg2eT+03yWLehGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB
+ghR3gg2oZOtFfy2k2MgtV8un8Vb0mjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV
+HQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGTkaX3YLo0g/bJZXvgTQYWi0wEu
+hNeMUNBC/cfmO1y3/Hemk5JUY+1ukCTEk+bR++5lfkuY+0RBD32jXM1EaYz5aQ5M
+dx7LCxMIIvSTUYnaDaRg6Gw8qXqmbZLRM1wwvENUZ4WuJk8X1EDa1DKWMO+LMHwE
+Nrio5aNGl5l3w3ceXBLz9tuzSTrX6QI/Z1iaVG8awllSjEpfvUEC1++ZdQZka2po
+lPU+BGeoPh/Ai5fkz3IEqd1TJLliEJDDq+H0xU715d4nhRFUjhFo+BzQ1QqvoGQn
+dgtRZwlK1yHutESHNOZzAOBkklKrbx6N3oTp+9mluFJIbwFs7XvejbedmlY=
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDkXDdh+qywipM9
+tJo7XJKF2iduBtXIPv2laGiUf3TIsLKN+NW4Fx+vsxgjwwmgfCD5Z2dMGOS6oxa5
+jXzN6oYOQiQA28uEx325XpwsPX6EL80xcjnEvupTzmKV/MMS7ugobIGCF2FZx82B
+WK0T8wjQmWJl4TQO4AB3lkVj+LbBfk8u+f0ATNPBUQ/VRJxAImS+O3ywTHFSBVeh
+AvWwlRADyb5ILPZ51EYfMxpnw94CoAZQdCALMmKrKBvpN1wit4EDDg2m6S1KMOA6
+SG6TVRUw/f6eAyZF/wVM0PmtdHzFe16RcaOWotOUgYBQfE3VAewPchVM+Vh5cHCb
+qqUrTuOJAgMBAAECggEAZtN3RLEhbWUYo+JcyHoIqCjxNEPzo3VptT9sR+GUboHS
+BMeVRI11ASJ9riy2ewMpvePnyYY0CC5Dn02scvQ1ZNo3aAOQgrtpSzzkya7u9wqn
+NKqghI0K6q22Cp+EH1RgSUOClVd9yHWFfca2OJNo1rUab5GWZVRMIY0Stc9aS4mA
+lFG7aw5LJ7NP+Jh4E9XFjzr9IyraV+7h+G0qAZLE8qsA4j8vbtlApojAf9cKPFCc
+MYUeqVjqNx+fBb7E3t13+ffCG2Y/DNinxFMpV7kN7t+fYubZovZsZXdFEYatHCP5
+fMKDwBQYUfmK/pQmDip/HhlOJ8t11uQxQ5UPe3GKeQKBgQD9j9IOunGIPcN5xhZW
+36Y/ZqD/e9hjnqc3LKwFwcElPaXphA/zv1m83tesr+uMRNJIJ1FL+tVv8QtcIGrC
+Ha7oYlbK1mAN6HrVa8tvNZ0wEwRTgdyVtwRnCgBm2ONp7IGW2wX9oK89C3vwky4p
+c1Pm9QLKGqIQryFyolIJcJmgLwKBgQDmjlvB9DolWASKfNRJrVRigoFhX8JXWETv
+clEwzGGX1AmrzyFIE4fQMpYdZk3C2hyTuKlgXqZyXvlRr7rvFxMe0WcEMC7zUgd6
+YFMifgVL6rE/PXpgy6JdMwMBaaP6yxYUz1FbyL0WixZq1bllBm5Z+Xu7RLfNS71a
+urWqLXPRxwKBgQCYOazBXNtmELZ3OB4XP6O+Mm37k61geVIoRLBtsFm1cuJVZAxz
+qHBGfH581QyTpImd+cTL2aYj01GfmHKfYVStfMRgd/0ovGZqFJIIjOZ2gyQ4wiDc
+3QhOl+mP1SwKXouaNpnNH5e1DVz2HFY9WliHspZfIUgkvg9Vk++ubSQ9zwKBgGCR
+XAl+/CPMHArNgjVh7ihctUhNzZ68EBOi9DLWSEJJw8s8tJn15DrmFU43HXbx2Gpf
+PEJrIphhA1idnFSse4u69cUhUWkFALDXS7r0wc8sfBUa8Pk+EcGrriSXVOGk0pjg
+xRkGmXypwTf6UO7ppKr2/kZP4BSTFrq73X9sDkjdAoGBAPpMwaZ8MpLia/WBP7+z
+1A3zUKIjUFysmtacYEUEIRvgivfWkQpCpFjrJN0hwrib2Agzl7fGRpD9tu6/iDFo
+y1ZsWNb5x3StniIFHR+zgWU9+Gd3XMBw4uivWi0cppaYBi8ndNlY59OOL1o8rldJ
+RjRKcYht2Pscsbze8xPJVLt8
+-----END PRIVATE KEY-----
+</key>
+<tls-crypt>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+2392b1016273c40de4e40b2b51143c9a
+6beb051f7dabd6b6cf72df7f6ad95734
+888d5367964942e7967670c36838d3a8
+4d9e0ff1fd1d4324e7e30079323c6999
+c80caa9ab413d11dcd606427ab1019db
+a196d49390f0574c442e261c1b36351d
+c2cea1948f38fcd81fa24cd4a6170812
+7cd9c1c61730a45978a17c0116ad0049
+91edd19ba2a20b427b2edaec1a505240
+8b99ac378075c457380bba98753aeea8
+7278a58342ec1d6d99455c89ba5d80c3
+445abfb19be5fa599be818a69c7ba08c
+9df639d748ca20805ace0cac228f6a75
+d220248d8e5994e2b670d8922f04614c
+d8725d5078f4402aef70d2223d86293c
+80ace45400951df438bad35b0e9fcbf5
+-----END OpenVPN Static key V1-----
+</tls-crypt>

etc/openvpn/server/ipp.txt

@@ -0,0 +1 @@
+emy-laptop,10.10.0.2,

etc/openvpn/server/server.conf

@@ -0,0 +1,43 @@
+port 443
+proto udp
+dev tun
+
+topology subnet
+server 10.10.0.0 255.255.255.0
+ifconfig-pool-persist /etc/openvpn/server/ipp.txt
+
+# Zertifikate/Keys
+ca /etc/openvpn/server/ca.crt
+cert /etc/openvpn/server/server.crt
+key /etc/openvpn/server/server.key
+dh none
+tls-crypt /etc/openvpn/server/ta.key
+
+# TLS/crypto
+cipher AES-256-GCM
+data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
+auth SHA256
+remote-cert-eku "TLS Web Client Authentication"
+#verify-x509-name server name
+mssfix 1400
+tun-mtu 1500
+fragment 1400
+
+# Keepalive & Robustheit
+keepalive 10 120
+user nobody
+group nogroup
+persist-key
+persist-tun
+explicit-exit-notify 1
+verb 3
+
+# DNS/Routen:
+# (Split-Tunnel = nichts pushen; Full-Tunnel = unten 3 Zeilen aktivieren)
+#push "redirect-gateway def1 bypass-dhcp"
+#push "dhcp-option DNS 1.1.1.1"
+#push "dhcp-option DNS 8.8.8.8"
+
+push "route 10.10.0.0 255.255.255.0"
+
+status /var/log/openvpn-status.log

etc/openvpn/server/server.crt

@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            f1:1c:11:e2:7c:13:a1:8e:3d:8b:fd:00:10:6d:3e:a9
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Oct  6 17:26:35 2025 GMT
+            Not After : Jan  9 17:26:35 2028 GMT
+        Subject: CN=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bb:2e:ae:5e:e6:9d:d0:ec:e1:63:6d:c8:a8:a5:
+                    08:5f:cb:60:b9:8d:14:59:18:22:46:11:cb:ef:fa:
+                    06:a9:40:05:ef:86:7b:a6:96:1e:45:f0:e2:5e:d1:
+                    86:b5:95:e0:a9:1c:bd:c2:82:4e:c0:58:af:29:c3:
+                    69:fd:c3:a1:33:ad:eb:a0:d4:ea:54:73:1c:f3:a1:
+                    9c:4a:01:02:c9:20:84:11:8c:59:0d:9b:c7:78:4a:
+                    fa:31:d7:85:19:28:05:b0:29:18:3d:73:9e:a6:af:
+                    db:4d:1a:9c:d0:a7:9d:0a:88:a3:fe:54:60:f3:97:
+                    f2:e8:c1:ca:49:8b:6a:ce:40:47:b4:0d:16:37:1d:
+                    d2:23:9b:3a:5a:dc:cb:9f:2e:dc:c9:07:6c:e7:bc:
+                    bb:f9:11:73:1b:e2:18:23:be:07:4a:9e:d0:19:b8:
+                    a1:75:15:64:cb:b2:df:0a:a0:24:5e:5d:0f:31:ad:
+                    38:5d:43:4a:25:4d:f0:22:a1:ad:eb:46:df:d9:7f:
+                    bf:d0:63:50:af:a3:a8:27:98:24:bb:ac:e9:b6:e5:
+                    df:a9:08:b9:04:c0:41:83:7c:0b:8d:cb:68:24:51:
+                    d6:8c:15:21:53:f8:f5:b4:b0:3e:1c:ef:33:43:f0:
+                    ff:df:81:2d:fb:b5:00:52:c3:e7:08:d2:41:13:96:
+                    02:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                0F:D3:A1:AB:04:98:97:E8:C0:56:11:18:8D:17:EB:BA:F9:4D:D4:83
+            X509v3 Authority Key Identifier: 
+                keyid:DD:16:A1:D4:82:18:14:B3:83:75:17:4D:83:67:93:FB:4D:F2:58:B7
+                DirName:/CN=Easy-RSA CA
+                serial:77:82:0D:A8:64:EB:45:7F:2D:A4:D8:C8:2D:57:CB:A7:F1:56:F4:9A
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        61:73:c8:ad:42:75:c8:ef:d1:a3:86:06:d2:d3:ca:8c:dd:d7:
+        c4:85:71:b9:bc:04:9e:82:d3:13:b2:d0:ea:d9:40:0b:a0:00:
+        4b:df:c7:95:20:43:d1:0f:a8:c9:4d:aa:0e:84:7f:cd:86:14:
+        b3:fc:1d:04:c8:33:fd:66:77:aa:9b:52:2d:ea:b2:bf:59:38:
+        c9:b1:0e:b2:37:c3:32:3e:11:32:98:50:a3:97:aa:b8:5e:23:
+        b6:83:d7:da:57:97:b5:30:28:ee:2a:49:e4:42:e6:1f:32:4f:
+        b8:3c:14:7b:17:24:38:70:64:a3:21:c8:1e:65:59:d4:66:9c:
+        4c:05:d3:23:1b:97:f6:d4:9c:a9:cf:12:42:77:a5:3d:b4:8a:
+        f5:5e:00:7d:e9:ff:39:23:13:0d:6a:5b:b6:d4:36:eb:d9:b6:
+        6a:2f:f1:42:7c:59:d7:24:54:7f:b1:1b:63:ca:8e:67:28:d1:
+        d8:8c:50:d5:4e:5e:e7:3f:b9:53:5b:3b:1f:a3:8c:86:1e:96:
+        07:dc:5e:e0:31:e5:fb:c2:3e:8b:8d:52:21:3e:1c:eb:ad:24:
+        cd:44:5c:1d:6a:28:cc:d8:eb:0e:68:79:6b:c3:7e:09:b2:7e:
+        32:7d:c9:7b:fa:8f:46:79:5e:e1:ad:c6:cc:18:b2:04:f9:5a:
+        7a:bb:ca:2d
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIRAPEcEeJ8E6GOPYv9ABBtPqkwDQYJKoZIhvcNAQELBQAw
+FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjUxMDA2MTcyNjM1WhcNMjgwMTA5
+MTcyNjM1WjARMQ8wDQYDVQQDDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC7Lq5e5p3Q7OFjbciopQhfy2C5jRRZGCJGEcvv+gapQAXvhnum
+lh5F8OJe0Ya1leCpHL3Cgk7AWK8pw2n9w6Ezreug1OpUcxzzoZxKAQLJIIQRjFkN
+m8d4Svox14UZKAWwKRg9c56mr9tNGpzQp50KiKP+VGDzl/LowcpJi2rOQEe0DRY3
+HdIjmzpa3MufLtzJB2znvLv5EXMb4hgjvgdKntAZuKF1FWTLst8KoCReXQ8xrThd
+Q0olTfAioa3rRt/Zf7/QY1Cvo6gnmCS7rOm25d+pCLkEwEGDfAuNy2gkUdaMFSFT
++PW0sD4c7zND8P/fgS37tQBSw+cI0kETlgJLAgMBAAGjgbUwgbIwCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUD9OhqwSYl+jAVhEYjRfruvlN1IMwUQYDVR0jBEowSIAU3Rah
+1IIYFLODdRdNg2eT+03yWLehGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR3
+gg2oZOtFfy2k2MgtV8un8Vb0mjATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E
+BAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IBAQBhc8it
+QnXI79GjhgbS08qM3dfEhXG5vASegtMTstDq2UALoABL38eVIEPRD6jJTaoOhH/N
+hhSz/B0EyDP9Zneqm1It6rK/WTjJsQ6yN8MyPhEymFCjl6q4XiO2g9faV5e1MCju
+KknkQuYfMk+4PBR7FyQ4cGSjIcgeZVnUZpxMBdMjG5f21JypzxJCd6U9tIr1XgB9
+6f85IxMNalu21Dbr2bZqL/FCfFnXJFR/sRtjyo5nKNHYjFDVTl7nP7lTWzsfo4yG
+HpYH3F7gMeX7wj6LjVIhPhzrrSTNRFwdaijM2OsOaHlrw34Jsn4yfcl7+o9GeV7h
+rcbMGLIE+Vp6u8ot
+-----END CERTIFICATE-----

etc/openvpn/server/server.csr

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEYDCCAkgCAQAwGzEZMBcGA1UEAwwQdnBuLmN1dGVtZWxpLmNvbTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKLCeWvZl9hgbhWEx70NE6T2al5QlJ/5
+TQQc626lO9Oh9X4xwjtB1CDxATjai8QQymQNtNti2uHVUG3XgPzmjZiQcvjgp7PB
+6yoD75B8fqn2i8wvabTCeISTtBkYjyVTI18KY/3zJ7KvADl37xu8+ChUY+tcFmRa
+a7DNNAX4amFdyhgCBCb9g+Gitw+dIBIwyQkZVwkjhh8JwNmz9LFY20WuJfVhODWB
+QX8BsbnoySLUhFlUENSCEGsICmsGRl0rzHSP6f17GAFXwMbpuxWJ4pK0943AsatD
+y3THfSW1FX/vYnUFgfTSY+eXzJ3GCLUIDAmg48UjFY+JtM55hh2r6cM+AoZO7XHU
+XycQEhRzlT3yphlNY40arZZeGIV/lXc3exAGkEhRZygBi0dqb8hOXoB3sOiGGrd4
+d1X/gEnZJkdnQBWyR9pb7SJ42IPpc3Y7zJ3RutShoKlp1RDlLeA+gSbgHv+147TP
+bq0LgC0AMoxaxOxrs4VqSExGB5WlAPdti/byxphwH1S3RSQW44MBLgTtRFSFZjCB
+tkSGOd9KavxE4c5V6Bh/uZ+ikZEZnW3ZR2ku43oNX/FQ2gjN/KC1m/f9nO/Lp4np
+8Z0JayiyeoHw6LhIT4a9hQhzbKYKBXrfXaxAxD8f1bTNDU7RjQqcCjnlDwR9IDod
+h9YNr8RuuWgjAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAEo/rutNW17Kg1nzK
+6rAbRoDfBEKTDh/2HshM0bmxP4uI3K0BMNZO8xm/ubSACK9cS45E/aOrf5R7E2JJ
+rC/wNZygeT60u0ZvJoYIIcfqN/u5xEXSeicFdrkJYZfnPsY9xHzMlykvsf8zejCC
+lwW9mFSOkzhw4KqsKHPNMSmNJ1bFFpDIUgUZbkislHbZR94xwuauGKgg7K87SI2D
+6LR0w+Cdq2j7kumyuOT5sha0XWBMGejWASzUkL7eTlgEbVlmlmnLUpl1eall8kD9
+R/k1QRt1Q3BkNWGC4u2oo7jNaAII0VUMwQ/nHg60jC+Jy1A0fk644E/5PX1SIfhg
+0cubYpyw2OvTaIGwuuWVGQi0RmMl7qDkcrRWSPGFNB7eooNh+VdHwjfUoYf+CIPu
+XqE3fKZ1aCjTUOj0KNRv8TX2qYjfXFLGK2H7xzLc4dZOv7uhO4SzgFttDgdFHFYn
+AFYp15j5lJ20b5wQY94XkKwJuxSxePyTC0xI21SNE4WiukB57IgHEv3dWf8Sep77
+zwAE0Z9se2jpm1jL8TpmIvpuQlxUGVWwrApqKHYPHdDk95M+ngCxU1Cs3E+IYCL6
+37tmAouG8hUXHWwxSCiwnQn8ON87xFzrB8etLkNZP8KqCJH5KT9u0nQ2isluW8mu
+S17rCg8cF1uvimm125r9i1TmChk=
+-----END CERTIFICATE REQUEST-----

etc/openvpn/server/server.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7Lq5e5p3Q7OFj
+bciopQhfy2C5jRRZGCJGEcvv+gapQAXvhnumlh5F8OJe0Ya1leCpHL3Cgk7AWK8p
+w2n9w6Ezreug1OpUcxzzoZxKAQLJIIQRjFkNm8d4Svox14UZKAWwKRg9c56mr9tN
+GpzQp50KiKP+VGDzl/LowcpJi2rOQEe0DRY3HdIjmzpa3MufLtzJB2znvLv5EXMb
+4hgjvgdKntAZuKF1FWTLst8KoCReXQ8xrThdQ0olTfAioa3rRt/Zf7/QY1Cvo6gn
+mCS7rOm25d+pCLkEwEGDfAuNy2gkUdaMFSFT+PW0sD4c7zND8P/fgS37tQBSw+cI
+0kETlgJLAgMBAAECggEAEng7YccvsKXZt43loX5nTSHW8Xgnly2idCIywAMpFRo+
+0QZcEnFNm2khbRRk+RXzjRGg8nMZLNw+AcjzycO77EraV+GqcvAeMzaxzTuRosw/
+5oYKuM+zkahpoka52Lmc62eiqgL2l0v9lPtt7cjG3iXiyKhayK59nCntuUQLIz6u
+kSCTV8+d0e59VOfH9U/D3GXBTEwmdgweIATwEI+iToitX5fHtv6vgxkUiKpQW5mr
+ovRKhRGbPvwc9WO3qTEiT+5RZaVpjRX1rMYejnllQo5jFLFqZ2r9wWfjiWTvLAAr
+0tlI6qXve+UMd+69Fwq04KNFWgoT1UtYMu3pCrPegQKBgQDnGj38p8Edkinl2Np3
+xcT7asVGcOOfTiG2LhxjvpdLE7HbhJiOB/MAIfO6LbuHHrvDBSUAdAp5H1JzOIvR
+F9piTCb66NdGW0TNNfjPDoBTP5vhMHwGB1p9A4Ysueob8HVJWKNV+8gchyNIqHqh
+62cztcjBKo4ujOEM2m6awV4cYwKBgQDPWSFe5vidtFIBgNtJTVZN1PUSbkro2lbs
+RSqEkRRAxg/ZVeXUjo6NjW5mWdMMtE6QL+nBukrbIme/yM4WlnrrgsPd+mKVlEII
+H7XmVSIYKC43xwTexGOOl5hagFugnoKdjMNap4RffgY9rTqfr22PwHbXi9ET4f/g
+el3lvh/i+QKBgHaOsuAr21llQ5NDtYgecFiexMfHYC64sXi5nRzaiNkeKG86Td0H
+XPVjdZq8nWjLLn305K+f2EOc+vpbNvc0qnclJBYyX0YbymcQWi02/kQ27KwQ6H9b
+RGO/7BSD6AMfT7wp+dlBir5/4W0D6a2pi08u4eefAkQFR+sFIBrKOpKLAoGBAMef
+QOB0L9DsxLLL0tKMkVVXfCYlZxss8diAcoG0hzIhPSr5Zs6v/JBNJIeHXQfzI1vv
+tPYdG2pDgm0Cr17Ruz+34kh4gacOWFAn72D0f2GQdYafpZGus0aZrkUbJJvLX2a9
+GWrSsj+ZPfrtJu6L30gxfHjiFAU3ZLhCNtozo9FJAoGBAMKDchAFjYTsz1+bqdCd
+k5hOGJzIIbOpnrL3aPhzrzyc1G+QS7D5rxAL5AxlQgFlU/Z3c6t57jsKv0CqC4dg
+KkyxTdvRr8NZ2piMdAbJ6PeF2qRjmThGHT/K9Y/LyeQ0DJrppJ+IkwmNR9jtMmDq
+gRCWnkwSGjoAPmcA4eGMGpRD
+-----END PRIVATE KEY-----

etc/openvpn/server/ta.key

@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+2392b1016273c40de4e40b2b51143c9a
+6beb051f7dabd6b6cf72df7f6ad95734
+888d5367964942e7967670c36838d3a8
+4d9e0ff1fd1d4324e7e30079323c6999
+c80caa9ab413d11dcd606427ab1019db
+a196d49390f0574c442e261c1b36351d
+c2cea1948f38fcd81fa24cd4a6170812
+7cd9c1c61730a45978a17c0116ad0049
+91edd19ba2a20b427b2edaec1a505240
+8b99ac378075c457380bba98753aeea8
+7278a58342ec1d6d99455c89ba5d80c3
+445abfb19be5fa599be818a69c7ba08c
+9df639d748ca20805ace0cac228f6a75
+d220248d8e5994e2b670d8922f04614c
+d8725d5078f4402aef70d2223d86293c
+80ace45400951df438bad35b0e9fcbf5
+-----END OpenVPN Static key V1-----

etc/openvpn/update-resolv-conf

@@ -0,0 +1,63 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+if [ ! -x /sbin/resolvconf ] ; then
+    logger "[OpenVPN:update-resolve-conf] missing binary /sbin/resolvconf";
+    exit 0;
+fi
+
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	foreign_options=$(printf '%s\n' ${!foreign_option_*} | sort -t _ -k 3 -g)
+	for optionvarname in ${foreign_options} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+